Hi @abh3 , After some investigation, it looks like this issue has already be addressed by you :) Indeed, the `Refresh` thread of the XrdTlsContext.cc file calls the following code ```cpp // We clone the original, this will give us the latest crls (i.e. refreshed). // We drop the lock while doing so as this may take a long time. This is // completely safe to do because we implicitly own the implementation. // ctxImpl->crlMutex.UnLock(); XrdTlsContext *newctx = ctxImpl->owner->Clone(); ``` The cloning will refresh the CRLs but also refresh the server certificate (the Clone() method creates a new `XrdTlsContext`) So I believe this issue can be closed... -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1678#issuecomment-1171365036 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1