diff --git a/libraries/ESP8266WiFi/examples/HTTPSRequest/HTTPSRequest.ino b/libraries/ESP8266WiFi/examples/HTTPSRequest/HTTPSRequest.ino
index 975fe13ef..6d10d5115 100644
--- a/libraries/ESP8266WiFi/examples/HTTPSRequest/HTTPSRequest.ino
+++ b/libraries/ESP8266WiFi/examples/HTTPSRequest/HTTPSRequest.ino
@@ -4,7 +4,7 @@
 * This example demonstrates how to use
 * WiFiClientSecure class to access HTTPS API.
 * We fetch and display the status of
- * esp8266/Arduino project continous integration
+ * esp8266/Arduino project continuous integration
 * build.
 *
 * Created by Ivan Grokhotkov, 2015.
@@ -54,7 +54,7 @@ void setup() {
 Serial.println("certificate doesn't match");
 }
- String url = "/repos/esp8266/Arduino/commits/esp8266/status";
+ String url = "/repos/esp8266/Arduino/commits/master/status";
 Serial.print("requesting URL: ");
 Serial.println(url);
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
index 6d4365221..247701acd 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
@@ -50,6 +50,17 @@ extern "C"
 #define SSL_DEBUG_OPTS 0
 #endif
+uint8_t* default_private_key = 0;
+uint32_t default_private_key_len = 0;
+static bool default_private_key_dynamic = false;
+//
+uint8_t* default_certificate = 0;
+uint32_t default_certificate_len = 0;
+static bool default_certificate_dynamic = false;
+
+static void clear_private_key();
+static void clear_certificate();
+
 class SSLContext {
 public:
@@ -70,6 +81,9 @@ public:
 if (_ssl_ctx_refcnt == 0) {
 ssl_ctx_free(_ssl_ctx);
 }
+
+ clear_private_key();
+ clear_certificate();
 }
 void ref() {
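Review bot: In HTTPSRequest.ino, hunk `@@ -54,7 +54,7 @@`, the branch that prints "certificate doesn't match" falls through to the request built from the changed `url` line, so the example still talks to a server whose fingerprint did not verify. Because people copy this sketch, the mismatch branch should stop, e.g. add `return;` right after `Serial.println("certificate doesn't match");`. The verify call and the rest of setup() are outside the hunk, so confirm nothing later closes the connection in that case.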
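Review bot: In WiFiClientSecure.cpp, hunk `@@ -50,6 +50,17 @@`, the `default_private_key` / `default_certificate` pointers and their lengths are non-static globals with no explanation, and the only comment is a bare `//`. They hold the client private key and are shared by every WiFiClientSecure instance, so a comment should say who reads them (presumably the axTLS library rebuilt in this commit; confirm) and that there is one credential set per process, not per client. Something like `// Process-wide client credentials; the buffers are owned here only when the matching *_dynamic flag is true.` would do. `nullptr` would also read better than `0` for the pointer initialisers.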
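Review bot: In WiFiClientSecure.cpp, hunk `@@ -70,6 +81,9 @@`, `clear_private_key()` and `clear_certificate()` sit after the closing brace of `if (_ssl_ctx_refcnt == 0)`, so they run every time this function is reached, not only when the last context is released. Since the key and certificate are globals, tearing down one connection appears to drop the credentials for any other live client and for the next reconnect. Moving the two calls inside the `if` block, next to `ssl_ctx_free(_ssl_ctx);`, would at least tie their lifetime to the shared context. The function starts above the hunk, so check how the refcount is decremented before settling on this.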
@@ -337,6 +351,66 @@ bool WiFiClientSecure::verify(const char* fp, const char* url) {
 return true;
 }
+void WiFiClientSecure::setCertificate(const uint8_t* cert_data, size_t size) {
+ clear_certificate();
+ default_certificate = (uint8_t*) cert_data;
+ default_certificate_len = size;
+}
+
+void WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size) {
+ clear_private_key();
+ default_private_key = (uint8_t*) pk;
+ default_private_key_len = size;
+}
+
+bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size) {
+ clear_certificate();
+ default_certificate = new uint8_t[size];
+ if (!default_certificate) {
+ return false;
+ }
+ if (stream.readBytes(default_certificate, size) != size) {
+ delete[] default_certificate;
+ return false;
+ }
+ default_certificate_dynamic = true;
+ default_certificate_len = size;
+ return true;
+}
+
+bool WiFiClientSecure::loadPrivateKey(Stream& stream, size_t size) {
+ clear_private_key();
+ default_private_key = new uint8_t[size];
+ if (!default_private_key) {
+ return false;
+ }
+ if (stream.readBytes(default_private_key, size) != size) {
+ delete[] default_private_key;
+ return false;
+ }
+ default_private_key_dynamic = true;
+ default_private_key_len = size;
+ return true;
+}
+
+static void clear_private_key() {
+ if (default_private_key && default_private_key_dynamic) {
+ delete[] default_private_key;
+ default_private_key_dynamic = false;
+ }
+ default_private_key = 0;
+ default_private_key_len = 0;
+}
+
+static void clear_certificate() {
+ if (default_certificate && default_certificate_dynamic) {
+ delete[] default_certificate;
+ default_certificate_dynamic = false;
+ }
+ default_certificate = 0;
+ default_certificate_len = 0;
+}
+
 extern "C" int ax_port_read(int fd, uint8_t* buffer, size_t count) {
 ClientContext* _client = reinterpret_cast(fd);
 if (_client->state() != ESTABLISHED && !_client->getSize()) {
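Review bot: In `loadCertificate` and `loadPrivateKey`, the short-read path runs `delete[]` but leaves the global pointer set, so `default_certificate` / `default_private_key` point at freed memory after a failed load. Reset the pointer on that path, e.g. `delete[] default_private_key; default_private_key = 0;`, and the same for the certificate. Separately, `clear_private_key()` hands the key bytes back to the heap without wiping them; the excerpt below overwrites them first with stores the optimiser cannot drop. `setCertificate` and `setPrivateKey` cast away `const` and keep the caller's pointer, which deserves a comment that the buffer must stay valid for as long as TLS connections are opened.

```cpp
static void clear_private_key() {
  if (default_private_key && default_private_key_dynamic) {
    // Wipe through a volatile pointer so the stores are not optimised away
    // ahead of the delete[].
    volatile uint8_t* wipe = default_private_key;
    for (uint32_t i = 0; i < default_private_key_len; ++i) {
      wipe[i] = 0;
    }
    delete[] default_private_key;
    default_private_key_dynamic = false;
  }
  // … unchanged: reset default_private_key and default_private_key_len …
}
```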
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.h b/libraries/ESP8266WiFi/src/WiFiClientSecure.h
index 8ce11f939..07b111e1a 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecure.h
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.h
@@ -48,6 +48,22 @@ public:
 int peek() override;
 void stop() override;
+ void setCertificate(const uint8_t* cert_data, size_t size);
+ void setPrivateKey(const uint8_t* pk, size_t size);
+
+ bool loadCertificate(Stream& stream, size_t size);
+ bool loadPrivateKey(Stream& stream, size_t size);
+
+ template
+ bool loadCertificate(TFile& file) {
+ return loadCertificate(file, file.size());
+ }
+
+ template
+ bool loadPrivateKey(TFile& file) {
+ return loadPrivateKey(file, file.size());
+ }
+
 protected:
 int _connectSSL();
diff --git a/tools/sdk/lib/libaxtls.a b/tools/sdk/lib/libaxtls.a
index b74d97cc4..9e29c802b 100644
Binary files a/tools/sdk/lib/libaxtls.a and b/tools/sdk/lib/libaxtls.a differ
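Review bot: In WiFiClientSecure.h, the new `setCertificate` / `setPrivateKey` / `loadCertificate` / `loadPrivateKey` declarations carry no comments, yet their contracts differ in ways a caller has to know. Going by the .cpp part of this commit, the `set*` pair keeps the caller's pointer without copying, the `load*` pair allocates `size` bytes and reads them from the stream, and all four write file-level globals, so a key set through one client object applies to every client. I would document that on the declarations, e.g. `// Stores the pointer only; the buffer must outlive all connections. Applies to all WiFiClientSecure instances.` The `TFile` overloads pass `file.size()` straight to the allocation, so a stated upper bound (or a check) on the expected size would help on a heap-constrained device.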