diff --git a/CMakeLists.txt b/CMakeLists.txt
index 455a2695d..a45f92f63 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -552,6 +552,7 @@ CHECK_FUNCTION_EXISTS(_atoi64 LWS_HAVE__ATOI64)
 CHECK_FUNCTION_EXISTS(_stat32i64 LWS_HAVE__STAT32I64)
 CHECK_FUNCTION_EXISTS(clock_gettime LWS_HAVE_CLOCK_GETTIME)
 CHECK_FUNCTION_EXISTS(localtime_r LWS_HAVE_LOCALTIME_R)
+CHECK_FUNCTION_EXISTS(ctime_r LWS_HAVE_CTIME_R)
 CHECK_FUNCTION_EXISTS(getgrgid_r LWS_HAVE_GETGRGID_R)
 CHECK_FUNCTION_EXISTS(getgrnam_r LWS_HAVE_GETGRNAM_R)
 CHECK_FUNCTION_EXISTS(getpwuid_r LWS_HAVE_GETPWUID_R)
diff --git a/cmake/lws_config.h.in b/cmake/lws_config.h.in
index 04c8ceb00..ff3530842 100644
--- a/cmake/lws_config.h.in
+++ b/cmake/lws_config.h.in
@@ -51,6 +51,7 @@
 #cmakedefine LWS_HAVE_EVP_PKEY_new_raw_private_key
 #cmakedefine LWS_HAVE_EXECVPE
 #cmakedefine LWS_HAVE_LOCALTIME_R
+#cmakedefine LWS_HAVE_CTIME_R
 #cmakedefine LWS_HAVE_GETGRGID_R
 #cmakedefine LWS_HAVE_GETGRNAM_R
 #cmakedefine LWS_HAVE_GETPWUID_R
diff --git a/minimal-examples/http-client/minimal-http-client-certinfo/minimal-http-client-certinfo.c b/minimal-examples/http-client/minimal-http-client-certinfo/minimal-http-client-certinfo.c
index 2eb8968f7..ec9a9ebb1 100644
--- a/minimal-examples/http-client/minimal-http-client-certinfo/minimal-http-client-certinfo.c
+++ b/minimal-examples/http-client/minimal-http-client-certinfo/minimal-http-client-certinfo.c
@@ -26,6 +26,9 @@ callback_http(struct lws *wsi, enum lws_callback_reasons reason,
 	uint8_t buf[1280];
 	union lws_tls_cert_info_results *ci =
 		(union lws_tls_cert_info_results *)buf;
+#if defined(LWS_HAVE_CTIME_R)
+	char date[32];
+#endif
 
 	switch (reason) {
 
@@ -50,11 +53,22 @@ callback_http(struct lws *wsi, enum lws_callback_reasons reason,
 
 		if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_VALIDITY_FROM,
 					    ci, 0))
-			lwsl_notice(" Peer Cert Valid from: %s", ctime(&ci->time));
-
+#if defined(LWS_HAVE_CTIME_R)
+			lwsl_notice(" Peer Cert Valid from: %s", 
+						ctime_r(&ci->time, date));
+#else
+			lwsl_notice(" Peer Cert Valid from: %s", 
+						ctime(&ci->time));
+#endif
 		if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_VALIDITY_TO,
 					    ci, 0))
-			lwsl_notice(" Peer Cert Valid to  : %s", ctime(&ci->time));
+#if defined(LWS_HAVE_CTIME_R)
+			lwsl_notice(" Peer Cert Valid to  : %s",
+						ctime_r(&ci->time, date));
+#else
+			lwsl_notice(" Peer Cert Valid to  : %s",
+						ctime(&ci->time));
+#endif
 		if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_USAGE,
 					    ci, 0))
 			lwsl_notice(" Peer Cert usage bits: 0x%x\n", ci->usage);
diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/minimal-http-server-dynamic.c b/minimal-examples/http-server/minimal-http-server-dynamic/minimal-http-server-dynamic.c
index 9cf8ebe82..2d5769e3b 100644
--- a/minimal-examples/http-server/minimal-http-server-dynamic/minimal-http-server-dynamic.c
+++ b/minimal-examples/http-server/minimal-http-server-dynamic/minimal-http-server-dynamic.c
@@ -45,6 +45,9 @@ callback_dynamic_http(struct lws *wsi, enum lws_callback_reasons reason,
 		*end = &buf[sizeof(buf) - LWS_PRE - 1];
 	time_t t;
 	int n;
+#if defined(LWS_HAVE_CTIME_R)
+	char date[32];
+#endif
 
 	switch (reason) {
 	case LWS_CALLBACK_HTTP:
@@ -152,7 +155,12 @@ callback_dynamic_http(struct lws *wsi, enum lws_callback_reasons reason,
 				"<img src=\"/libwebsockets.org-logo.svg\">"
 				"<br>Dynamic content for '%s' from mountpoint."
 				"<br>Time: %s<br><br>"
-				"</body></html>", pss->path, ctime(&t));
+				"</body></html>", pss->path,
+#if defined(LWS_HAVE_CTIME_R)
+				ctime_r(&t, date));
+#else
+				ctime(&t));
+#endif
 		} else {
 			/*
 			 * after the first time, we create bulk content.
diff --git a/test-apps/test-client.c b/test-apps/test-client.c
index 1115c882b..2c3e97cee 100644
--- a/test-apps/test-client.c
+++ b/test-apps/test-client.c
@@ -120,6 +120,9 @@ callback_dumb_increment(struct lws *wsi, enum lws_callback_reasons reason,
 {
 #if defined(LWS_WITH_TLS)
 	union lws_tls_cert_info_results ci;
+#if defined(LWS_HAVE_CTIME_R) && !defined(LWS_WITH_NO_LOGS)
+	char date[32];
+#endif
 #endif
 	const char *which = "http";
 	char which_wsi[10], buf[50 + LWS_PRE];
@@ -190,11 +193,22 @@ callback_dumb_increment(struct lws *wsi, enum lws_callback_reasons reason,
 
 		if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_VALIDITY_FROM,
 					    &ci, 0))
-			lwsl_notice(" Peer Cert Valid from: %s", ctime(&ci.time));
-
+#if defined(LWS_HAVE_CTIME_R)
+			lwsl_notice(" Peer Cert Valid from: %s",
+						ctime_r(&ci.time, date));
+#else
+			lwsl_notice(" Peer Cert Valid from: %s",
+						ctime(&ci.time));
+#endif
 		if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_VALIDITY_TO,
 					    &ci, 0))
-			lwsl_notice(" Peer Cert Valid to  : %s", ctime(&ci.time));
+#if defined(LWS_HAVE_CTIME_R)
+			lwsl_notice(" Peer Cert Valid to  : %s",
+						ctime_r(&ci.time, date));
+#else
+			lwsl_notice(" Peer Cert Valid to  : %s",
+						ctime(&ci.time));
+#endif
 		if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_USAGE,
 					    &ci, 0))
 			lwsl_notice(" Peer Cert usage bits: 0x%x\n", ci.usage);