diff --git a/pkg/client/client.go b/pkg/client/client.go
new file mode 100644
index 0000000..ebae188
--- /dev/null
+++ b/pkg/client/client.go
@@ -0,0 +1,54 @@
+package client
+
+import (
+	"crypto/x509"
+	"math/big"
+	"time"
+)
+
+type ClientCertIface interface {
+	Key() []byte
+	PEM() []byte
+}
+
+type ClientCertConfig struct {
+	Serial       *big.Int
+	Subject      Subject
+	Duration     time.Duration
+	SubjectKeyId []byte
+	ExtKeyUsage  []x509.ExtKeyUsage
+	KeyUsage     x509.KeyUsage
+}
+
+type Subject struct {
+	Organization  string
+	Country       string
+	Province      string
+	Locality      string
+	StreetAddress string
+	PostalCode    string
+}
+
+var (
+	subjectKeyId = []byte{1, 2, 3, 4, 6}
+	extKeyUsage  = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
+	keyUsage     = x509.KeyUsageDigitalSignature
+)
+
+func NewDefaultConfig() *ClientCertConfig {
+	return &ClientCertConfig{
+		Serial: big.NewInt(12321),
+		Subject: Subject{
+			Organization:  "",
+			Country:       "",
+			Province:      "",
+			Locality:      "",
+			StreetAddress: "",
+			PostalCode:    "",
+		},
+		Duration:     time.Duration(time.Hour * 24 * 365),
+		SubjectKeyId: subjectKeyId,
+		ExtKeyUsage:  extKeyUsage,
+		KeyUsage:     keyUsage,
+	}
+}