diff --git a/hal/inc/tls_config.h b/hal/inc/tls_config.h
index f4333ca6..01e6d524 100644
--- a/hal/inc/tls_config.h
+++ b/hal/inc/tls_config.h
@@ -296,6 +296,13 @@ TLSConfiguration_addCRL(TLSConfiguration self, uint8_t* crl, int crlLen);
 PAL_API bool
 TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename);
 
+/**
+ * \brief Removes any CRL (certificate revocation list) currently in use
+ *
+ */
+PAL_API void
+TLSConfiguration_resetCRL(TLSConfiguration self);
+
 /**
  * Release all resource allocated by the TLSConfiguration instance
  *
diff --git a/hal/tls/mbedtls/tls_mbedtls.c b/hal/tls/mbedtls/tls_mbedtls.c
index f7d7127e..30a9ac19 100644
--- a/hal/tls/mbedtls/tls_mbedtls.c
+++ b/hal/tls/mbedtls/tls_mbedtls.c
@@ -475,6 +475,14 @@ TLSConfiguration_addCRLFromFile(TLSConfiguration self, const char* filename)
     return (ret == 0);
 }
 
+void
+TLSConfiguration_resetCRL(TLSConfiguration self)
+{
+    mbedtls_x509_crl_free(&(self->crl));
+    mbedtls_x509_crl_init(&(self->crl));
+    self->crlUpdated = Hal_getTimeInMs();
+}
+
 void
 TLSConfiguration_setRenegotiationTime(TLSConfiguration self, int timeInMs)
 {