diff --git a/base/common/src/main/java/org/dogtagpki/client/NonBlockingSocketFactory.java b/base/common/src/main/java/org/dogtagpki/client/NonBlockingSocketFactory.java
index dd59a0b6f6e..dab461e8fb2 100644
--- a/base/common/src/main/java/org/dogtagpki/client/NonBlockingSocketFactory.java
+++ b/base/common/src/main/java/org/dogtagpki/client/NonBlockingSocketFactory.java
@@ -79,18 +79,10 @@ public Socket connectSocket(Socket socket,
         KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
         KeyManager[] kms = kmf.getKeyManagers();
 
-        // Create JSSTrustManager since the default JSSNativeTrustManager
-        // does not support hostname validation and cert approval callback.
-        //
-        // JSSTrustManager currently does not support cert validation with
-        // OCSP and CRL.
-        //
-        // TODO: Fix JSSTrustManager to support OCSP and CRL, then replace
-        // DefaultSocketFactory with this class.
-
         JSSTrustManager trustManager = new JSSTrustManager();
         trustManager.setHostname(hostname);
         trustManager.setCallback(connection.getCallback());
+        trustManager.setEnableCertRevokeVerify(true);
 
         TrustManager[] tms = new TrustManager[] { trustManager };
 
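Review bot: The new `trustManager.setEnableCertRevokeVerify(true)` hard-codes revocation checking on with no way for a caller to turn it off, and the hunk does not say what happens when the OCSP responder or CRL distribution point is unreachable — whether JSSTrustManager fails closed or treats that as a soft pass is worth confirming and recording here. Consider sourcing the flag from the connection's configuration rather than the literal, and annotate the added line with the intended failure mode, e.g. `// Revocation (OCSP/CRL) check is mandatory; confirm JSSTrustManager fails closed when the revocation source is unreachable.` The deleted comment block also took away the still-valid rationale for choosing JSSTrustManager, so keep a one-line version above the constructor: `// JSSTrustManager (not the default JSSNativeTrustManager) supports hostname validation and the cert approval callback.` The removed TODO about replacing DefaultSocketFactory with this class is no longer recorded anywhere in the hunk; if that follow-up is still planned it should be tracked elsewhere. connectSocket's body starts and ends outside the hunk.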