Missing support for TLS CRL

Giuseppe Ravasio
Thu, Sep 27, 2018 10:04 AM

Hi,
I'm using asterisk with a bundled pjsip version 2.7.2 but checked the
docs and there seems to be the same problem with pjsip 2.8 series.

I'm using a TLS transport with client certificate authentication in pjsip:

verify_client=yes
require_client_cert=yes

It's working flawlessly except for the fact that the system doesn't
honor the CRL declared in the certificates and it doesn't even allow
specifying a CRL file to check certificate validity.
I think that this is a crucial feature for everyone that wants to use
client certificate authentication, because otherwise there is no way to
invalidate a stolen certificate.
If this authentication were fully implemented, many people could
switch from VoIP VPNs to this type of security.

It would be great if the support were complete, which means allowing
the use of certificates with CRL extensions or an OCSP service to check
revocation.
Anyway, it could be a start (and a really appreciated one) to add an
option like ca_crl_file in order to specify the CRL to check the
certificates against.

Regards
Giuseppe
