diff --git a/liveMedia/ProxyServerMediaSession.cpp b/liveMedia/ProxyServerMediaSession.cpp
index e12088c..0fdd751 100644
--- a/liveMedia/ProxyServerMediaSession.cpp
+++ b/liveMedia/ProxyServerMediaSession.cpp
@@ -246,7 +246,7 @@ ProxyRTSPClient::ProxyRTSPClient(ProxyServerMediaSession& ourServerMediaSession,
 				 char const* username, char const* password,
 				 portNumBits tunnelOverHTTPPortNum, int verbosityLevel, int socketNumToServer)
   : RTSPClient(ourServerMediaSession.envir(), rtspURL, verbosityLevel, "ProxyRTSPClient",
-	       tunnelOverHTTPPortNum == (portNumBits)(~0) ? 0 : tunnelOverHTTPPortNum, socketNumToServer),
+           tunnelOverHTTPPortNum == (portNumBits)(~0) ? 0 : tunnelOverHTTPPortNum, socketNumToServer),
     fOurServerMediaSession(ourServerMediaSession), fOurURL(strDup(rtspURL)), fStreamRTPOverTCP(tunnelOverHTTPPortNum != 0),
     fSetupQueueHead(NULL), fSetupQueueTail(NULL), fNumSetupsDone(0), fNextDESCRIBEDelay(1),
     fServerSupportsGetParameter(False), fLastCommandWasPLAY(False), fDoneDESCRIBE(False),
diff --git a/liveMedia/RTSPClient.cpp b/liveMedia/RTSPClient.cpp
index 4062837..5adf40a 100644
--- a/liveMedia/RTSPClient.cpp
+++ b/liveMedia/RTSPClient.cpp
@@ -29,9 +29,10 @@ RTSPClient* RTSPClient::createNew(UsageEnvironment& env, char const* rtspURL,
 				  int verbosityLevel,
 				  char const* applicationName,
 				  portNumBits tunnelOverHTTPPortNum,
-				  int socketNumToServer) {
+                  int socketNumToServer,
+                  const char * TLSCAFileName) {
   return new RTSPClient(env, rtspURL,
-			verbosityLevel, applicationName, tunnelOverHTTPPortNum, socketNumToServer);
+            verbosityLevel, applicationName, tunnelOverHTTPPortNum, socketNumToServer, TLSCAFileName);
 }
 
 unsigned RTSPClient::sendDescribeCommand(responseHandler* responseHandler, Authenticator* authenticator) {
@@ -392,7 +393,7 @@ unsigned RTSPClient::responseBufferSize = 20000; // default value; you can reass
 
 RTSPClient::RTSPClient(UsageEnvironment& env, char const* rtspURL,
 		       int verbosityLevel, char const* applicationName,
-		       portNumBits tunnelOverHTTPPortNum, int socketNumToServer)
+               portNumBits tunnelOverHTTPPortNum, int socketNumToServer,const char * TLSCAFileName )
   : Medium(env),
     desiredMaxIncomingPacketSize(0), fVerbosityLevel(verbosityLevel), fCSeq(1),
     fAllowBasicAuthentication(True), fTunnelOverHTTPPortNum(tunnelOverHTTPPortNum),
@@ -400,7 +401,8 @@ RTSPClient::RTSPClient(UsageEnvironment& env, char const* rtspURL,
     fInputSocketNum(-1), fOutputSocketNum(-1), fBaseURL(NULL), fTCPStreamIdCount(0),
     fLastSessionId(NULL), fSessionTimeoutParameter(0), fRequireStr(NULL),
     fSessionCookieCounter(0), fHTTPTunnelingConnectionIsPending(False),
-    fTLS(*this), fPOSTSocketTLS(*this) {
+    fTLS(*this), fPOSTSocketTLS(*this), fTLSCAFileName(TLSCAFileName)
+    {
   fInputTLS = fOutputTLS = &fTLS; // fOutputTLS will change if we're doing RTSP-over-HTTPS
   setBaseURL(rtspURL);
 
diff --git a/liveMedia/TLSState.cpp b/liveMedia/TLSState.cpp
index f176f83..c699c98 100644
--- a/liveMedia/TLSState.cpp
+++ b/liveMedia/TLSState.cpp
@@ -131,6 +131,22 @@ int ClientTLSState::connect(int socketNum) {
 #endif
 }
 
+
+int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
+
+    X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+    int depth = X509_STORE_CTX_get_error_depth(ctx);
+    int err = X509_STORE_CTX_get_error(ctx);
+
+    if (err == X509_V_OK) return 1;
+
+    fprintf(stderr, "SSL error : %s\n", X509_verify_cert_error_string(err));
+
+    return 0;
+    }
+
+/*Trusted CAs location*/
+
 #ifndef NO_OPENSSL
 Boolean ClientTLSState::setup(int socketNum) {
   do {
@@ -142,6 +158,14 @@ Boolean ClientTLSState::setup(int socketNum) {
     fCtx = SSL_CTX_new(meth);
     if (fCtx == NULL) break;
 
+    if ((fClient.fTLSCAFileName) && (SSL_CTX_load_verify_locations(fCtx,fClient.fTLSCAFileName,NULL)))
+    {
+       printf("Setting CA file to %s\n", fClient.fTLSCAFileName);
+    }
+
+    SSL_CTX_set_verify(fCtx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, verify_callback);
+
+
     fCon = SSL_new(fCtx);
     if (fCon == NULL) break;
 
diff --git a/liveMedia/include/RTSPClient.hh b/liveMedia/include/RTSPClient.hh
index f0b54ed..e96a381 100644
--- a/liveMedia/include/RTSPClient.hh
+++ b/liveMedia/include/RTSPClient.hh
@@ -45,7 +45,7 @@ public:
 			       int verbosityLevel = 0,
 			       char const* applicationName = NULL,
 			       portNumBits tunnelOverHTTPPortNum = 0,
-			       int socketNumToServer = -1);
+                   int socketNumToServer = -1, const char * TLSCAFileName = NULL);
   // If "tunnelOverHTTPPortNum" is non-zero, we tunnel RTSP (and RTP)
   //     over a HTTP connection with the given port number, using the technique
   //     described in Apple's document <http://developer.apple.com/documentation/QuickTime/QTSS/Concepts/chapter_2_section_14.html>
@@ -223,7 +223,6 @@ public: // Some compilers complain if this is "private:"
     float scale() const { return fScale; }
     char* contentStr() const { return fContentStr; }
     responseHandler*& handler() { return fHandler; }
-
   private:
     RequestRecord* fNext;
     unsigned fCSeq;
@@ -240,7 +239,7 @@ public: // Some compilers complain if this is "private:"
 
 protected:
   RTSPClient(UsageEnvironment& env, char const* rtspURL,
-	     int verbosityLevel, char const* applicationName, portNumBits tunnelOverHTTPPortNum, int socketNumToServer);
+         int verbosityLevel, char const* applicationName, portNumBits tunnelOverHTTPPortNum, int socketNumToServer, const char * TLSCAFileName = NULL);
       // called only by createNew();
   virtual ~RTSPClient();
 
@@ -365,6 +364,7 @@ private:
   ClientTLSState fPOSTSocketTLS; // used only for RTSP-over-HTTPS
   ClientTLSState* fInputTLS;
   ClientTLSState* fOutputTLS;
+  char const* fTLSCAFileName;
   friend class ClientTLSState;
 };
 
diff --git a/testProgs/openRTSP.cpp b/testProgs/openRTSP.cpp
index d99f54b..37da848 100644
--- a/testProgs/openRTSP.cpp
+++ b/testProgs/openRTSP.cpp
@@ -26,7 +26,7 @@ along with this library; if not, write to the Free Software Foundation, Inc.,
 RTSPClient* ourRTSPClient = NULL;
 Medium* createClient(UsageEnvironment& env, char const* url, int verbosityLevel, char const* applicationName) {
   extern portNumBits tunnelOverHTTPPortNum;
-  return ourRTSPClient = RTSPClient::createNew(env, url, verbosityLevel, applicationName, tunnelOverHTTPPortNum);
+  return ourRTSPClient = RTSPClient::createNew(env, url, verbosityLevel, applicationName, tunnelOverHTTPPortNum, -1, "/home/thales/CA/certs/myCA.pem");
 }
 
 void assignClient(Medium* client) {
diff --git a/testProgs/testOnDemandRTSPServer.cpp b/testProgs/testOnDemandRTSPServer.cpp
index c417766..5519deb 100644
--- a/testProgs/testOnDemandRTSPServer.cpp
+++ b/testProgs/testOnDemandRTSPServer.cpp
@@ -23,6 +23,11 @@ along with this library; if not, write to the Free Software Foundation, Inc.,
 #include "BasicUsageEnvironment.hh"
 #include "announceURL.hh"
 
+#define SERVER_USE_TLS 
+
+#define PATHNAME_TO_CERTIFICATE_FILE "/home/thales/git/live.2025.05.24/testProgs/public.pem"
+#define PATHNAME_TO_PRIVATE_KEY_FILE "/home/thales/git/live.2025.05.24/testProgs/private.pem"
+
 UsageEnvironment* env;
 
 // To make the second and subsequent client for each stream reuse the same
diff --git a/testProgs/testRTSPClient.cpp b/testProgs/testRTSPClient.cpp
index fad1d91..ea1aef7 100644
--- a/testProgs/testRTSPClient.cpp
+++ b/testProgs/testRTSPClient.cpp
@@ -119,11 +119,11 @@ public:
   static ourRTSPClient* createNew(UsageEnvironment& env, char const* rtspURL,
 				  int verbosityLevel = 0,
 				  char const* applicationName = NULL,
-				  portNumBits tunnelOverHTTPPortNum = 0);
+                  portNumBits tunnelOverHTTPPortNum = 0, const char * TLSCAFileName = NULL);
 
 protected:
   ourRTSPClient(UsageEnvironment& env, char const* rtspURL,
-		int verbosityLevel, char const* applicationName, portNumBits tunnelOverHTTPPortNum);
+        int verbosityLevel, char const* applicationName, portNumBits tunnelOverHTTPPortNum, const char * TLSCAFileName = NULL);
     // called only by createNew();
   virtual ~ourRTSPClient();
 
@@ -441,13 +441,13 @@ void shutdownStream(RTSPClient* rtspClient, int exitCode) {
 // Implementation of "ourRTSPClient":
 
 ourRTSPClient* ourRTSPClient::createNew(UsageEnvironment& env, char const* rtspURL,
-					int verbosityLevel, char const* applicationName, portNumBits tunnelOverHTTPPortNum) {
-  return new ourRTSPClient(env, rtspURL, verbosityLevel, applicationName, tunnelOverHTTPPortNum);
+                    int verbosityLevel, char const* applicationName, portNumBits tunnelOverHTTPPortNum, const char * TLSCAFileName) {
+  return new ourRTSPClient(env, rtspURL, verbosityLevel, applicationName, tunnelOverHTTPPortNum, TLSCAFileName);
 }
 
 ourRTSPClient::ourRTSPClient(UsageEnvironment& env, char const* rtspURL,
-			     int verbosityLevel, char const* applicationName, portNumBits tunnelOverHTTPPortNum)
-  : RTSPClient(env,rtspURL, verbosityLevel, applicationName, tunnelOverHTTPPortNum, -1) {
+                 int verbosityLevel, char const* applicationName, portNumBits tunnelOverHTTPPortNum, const char * TLSCAFileNAme)
+  : RTSPClient(env,rtspURL, verbosityLevel, applicationName, tunnelOverHTTPPortNum, -1, TLSCAFileNAme) {
 }
 
 ourRTSPClient::~ourRTSPClient() {