I'm going with connection level authentication, so as soon as the ssl connection is established the user is authenticated.

As a result I want to disable csrs(certificate signing requests) from the client. Otherwise any client could just submit a csr and be able to connect.

How do I disable certificate signing requests from the client?