diff --git a/clientcsr.conf b/clientcsr.conf
index f3d48ff..6a7a9e6 100644
--- a/clientcsr.conf
+++ b/clientcsr.conf
@@ -1,7 +1,7 @@
 # Request configuration for client certificates
 #
 # Author: Jan Dittberner <jan@dittberner.info>
-# Date:   2011-05-04
+# Date:   2015-02-03
 
 RANDFILE                        = $ENV::HOME/ca/.rnd
 
@@ -9,10 +9,9 @@ RANDFILE                        = $ENV::HOME/ca/.rnd
 default_bits                    = 2048
 distinguished_name              = req_distinguished_name
 req_extensions                  = v3_client_ext
-
-# This sets a mask for permitted string types. There are several options. 
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-string_mask                     = nombstr
+utf8                            = yes
+default_md                      = sha256
+string_mask                     = utf8only
 
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
diff --git a/rootca.conf b/rootca.conf
index f3b99b3..76d6345 100644
--- a/rootca.conf
+++ b/rootca.conf
@@ -2,11 +2,11 @@
 # this CA should only be used to sign sub CAs
 #
 # Author: Jan Dittberner <jan@dittberner.info>
-# Date:   2011-05-03
+# Date:   2015-02-03
 
 RANDFILE        = $ENV::HOME/rootca/.rnd
 
-extensions      = v3_ext 
+extensions      = v3_ext
 
 [ ca ]
 default_ca      = EXAMPLEROOT     # name of the default CA section
diff --git a/rootreq.conf b/rootreq.conf
index 73e34bf..6f88956 100644
--- a/rootreq.conf
+++ b/rootreq.conf
@@ -1,18 +1,17 @@
 # Request configuration for CA certificate
 #
 # Author: Jan Dittberner <jan@dittberner.info>
-# Date:   2011-05-03
+# Date:   2015-02-03
 
 RANDFILE                        = $ENV::HOME/ca/.rnd
 
 [ req ]
-default_bits                    = 2048
+default_bits                    = 4096
 distinguished_name              = req_distinguished_name
 x509_extensions                 = v3_ca_ext
-
-# This sets a mask for permitted string types. There are several options. 
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-string_mask                     = nombstr
+utf8                            = yes
+default_md                      = sha256
+string_mask                     = utf8only
 
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
diff --git a/servercsr.conf b/servercsr.conf
index a1e0257..3fccfc9 100644
--- a/servercsr.conf
+++ b/servercsr.conf
@@ -1,7 +1,7 @@
 # Request configuration for server certificates
 #
 # Author: Jan Dittberner <jan@dittberner.info>
-# Date:   2011-05-04
+# Date:   2015-02-03
 
 RANDFILE                        = $ENV::HOME/ca/.rnd
 
@@ -9,10 +9,9 @@ RANDFILE                        = $ENV::HOME/ca/.rnd
 default_bits                    = 2048
 distinguished_name              = req_distinguished_name
 req_extensions                  = v3_server_ext
-
-# This sets a mask for permitted string types. There are several options. 
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-string_mask                     = nombstr
+utf8                            = yes
+default_md                      = sha256
+string_mask                     = utf8only
 
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
diff --git a/subca.conf b/subca.conf
index fe77f52..12733e8 100644
--- a/subca.conf
+++ b/subca.conf
@@ -2,11 +2,11 @@
 # this CA should be used to sign client and server certificates
 #
 # Author: Jan Dittberner <jan@dittberner.info>
-# Date:   2011-05-04
+# Date:   2015-02-03
 
 RANDFILE        = $ENV::HOME/subca/.rnd
 
-extensions      = v3_ext 
+extensions      = v3_ext
 
 [ ca ]
 default_ca      = EXAMPLESUBCA     # name of the default CA section
diff --git a/subcareq.conf b/subcareq.conf
index 539fef3..46abf33 100644
--- a/subcareq.conf
+++ b/subcareq.conf
@@ -1,18 +1,17 @@
 # Request configuration for Sub CA certificate
 #
 # Author: Jan Dittberner <jan@dittberner.info>
-# Date:   2011-05-04
+# Date:   2015-02-03
 
 RANDFILE                        = $ENV::HOME/ca/.rnd
 
 [ req ]
-default_bits                    = 2048
+default_bits                    = 4096
 distinguished_name              = req_distinguished_name
 req_extensions                  = v3_subca_ext
-
-# This sets a mask for permitted string types. There are several options. 
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-string_mask                     = nombstr
+utf8                            = yes
+default_md                      = sha256
+string_mask                     = utf8only
 
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)