diff --git a/common/include/tfe_utils.h b/common/include/tfe_utils.h
index 8d111d4..70752e4 100644
--- a/common/include/tfe_utils.h
+++ b/common/include/tfe_utils.h
@@ -93,6 +93,7 @@ do { if(!(condition)) { TFE_LOG_ERROR(g_default_logger, fmt, ##__VA_ARGS__); abo
 #define ATOMIC_DEC(x) __atomic_fetch_sub(x,1,__ATOMIC_RELAXED)
 #define ATOMIC_READ(x) __atomic_fetch_add(x,0,__ATOMIC_RELAXED)
 #define ATOMIC_ADD(x, y) __atomic_fetch_add(x,y,__ATOMIC_RELAXED)
+#define ATOMIC_ZERO(x) __atomic_fetch_and(x,0,__ATOMIC_RELAXED)
 #ifndef MAX
diff --git a/platform/include/internal/ssl_service_cache.h b/platform/include/internal/ssl_service_cache.h
index fe6c09a..7c5b1de 100644
--- a/platform/include/internal/ssl_service_cache.h
+++ b/platform/include/internal/ssl_service_cache.h
@@ -3,6 +3,7 @@
 #include
 #include
 #include
+#include
 #define PINNING_ST_NOT_PINNING 0
 #define PINNING_ST_PINNING 1
@@ -16,13 +17,6 @@ struct ssl_service_status
 char is_mutual_auth;
 char has_protocol_errors;
 };
-
-struct ssl_service_cache;
-struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int succ_as_app_not_pinning_cnt, int fail_time_win);
-void ssl_service_cache_destroy(struct ssl_service_cache* cache);
-
-int ssl_service_cache_read(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, struct ssl_service_status* result);
-void ssl_service_cache_write(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, const struct ssl_service_status* status);
 struct ssl_service_cache_statistics
 {
 long long pinning_cli_cnt;
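Review bot: ATOMIC_ZERO is built as a read-modify-write, `__atomic_fetch_and(x,0,...)`, which only compiles for integer operands and returns a previous value that none of the callers in this commit use; a plain relaxed store, `#define ATOMIC_ZERO(x) __atomic_store_n(x,0,__ATOMIC_RELAXED)`, expresses the intent directly and works for any lock-free type. If some caller outside this diff does need the old value, `__atomic_exchange_n(x,0,__ATOMIC_RELAXED)` keeps it and is still clearer than an AND with zero. The macro also deserves a one-line comment, e.g. `/* reset *x to 0; relaxed ordering, so only suitable for statistics counters, not for publishing data to another thread */`, since the neighbouring ATOMIC_READ/ATOMIC_ADD are all relaxed and a reader could otherwise assume they order surrounding writes.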
@@ -31,5 +25,23 @@ struct ssl_service_cache_statistics
 long long ev_srv_cnt;
 long long ct_srv_cnt;
 long long app_not_pinning_cnt;
+ long long trusted_cert_cnt;
 };
+struct ssl_service_cache
+{
+ MESA_htable_handle cli_st_hash;
+ MESA_htable_handle srv_st_hash;
+ MESA_htable_handle app_st_hash;
+
+ struct ssl_service_cache_statistics stat;
+ unsigned int fail_as_cli_pinning_count;
+ unsigned int fail_as_proto_err_count;
+ unsigned int fail_time_window;
+ unsigned int succ_as_app_not_pinning_count;
+};
+struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsigned int expire_seconds, int fail_as_pinning_cnt, int fail_as_proto_err_cnt, int succ_as_app_not_pinning_cnt, int fail_time_win);
+void ssl_service_cache_destroy(struct ssl_service_cache* cache);
+
+int ssl_service_cache_read(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, struct ssl_service_status* result);
+void ssl_service_cache_write(struct ssl_service_cache* svc_cache, const struct ssl_chello* chello, const struct tfe_stream_addr * addr, const struct ssl_service_status* status);
 void ssl_service_cache_stat(struct ssl_service_cache* svc_cache, struct ssl_service_cache_statistics* result);
diff --git a/platform/src/ssl_service_cache.cpp b/platform/src/ssl_service_cache.cpp
index b6e5a66..de9a8c8 100644
--- a/platform/src/ssl_service_cache.cpp
+++ b/platform/src/ssl_service_cache.cpp
@@ -25,18 +25,6 @@ struct ssl_svc_app_st
 unsigned int down_ssl_success_cnt;
 struct ssl_service_cache* ref_svc_cache;
 };
-struct ssl_service_cache
-{
- MESA_htable_handle cli_st_hash;
- MESA_htable_handle srv_st_hash;
- MESA_htable_handle app_st_hash;
-
- struct ssl_service_cache_statistics stat;
- unsigned int fail_as_cli_pinning_count;
- unsigned int fail_as_proto_err_count;
- unsigned int fail_time_window;
- unsigned int succ_as_app_not_pinning_count;
-};
 struct ssl_service_write_args
 {
 struct ssl_service_cache* cache;
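Review bot: Moving the full definition of `struct ssl_service_cache` out of ssl_service_cache.cpp into this header exposes the hash-table handles and tuning fields to every includer, apparently only so ssl_stream.cpp can write `svc_cache->stat.trusted_cert_cnt` directly (the new include in this file's first hunk seems to exist only to make MESA_htable_handle visible). The opaque forward declaration removed in the previous hunk could stay if the counter were updated through the module's API instead — for example a constructed `void ssl_service_cache_trusted_cert_adjust(struct ssl_service_cache* svc_cache, long long delta);` implemented in the .cpp with ATOMIC_ADD, plus a matching reset, with ssl_stream.cpp calling those. Separately, `trusted_cert_cnt` counts entries of the manager's trust store rather than anything the service cache itself observes, so a field comment such as `/* number of CA certs in the owning manager's trust store; maintained by ssl_stream.cpp, not by this module */` would stop a maintainer searching this module for the increment.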
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index ce37fcb..2a1361a 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -106,6 +106,9 @@ enum ssl_stream_stat
 SSL_SVC_CT_CERT,
 SSL_SVC_EV_CERT,
 SSL_SVC_APP_NOT_PINNING,
+
+ SSL_SVC_TRUSTED_CERT,
+
 SSL_STAT_MAX
 };
@@ -362,6 +365,7 @@ ssl_stream_gc_cb(evutil_socket_t fd, short what, void * arg)
 mgr->stat_val[SSL_SVC_CT_CERT]=svc_stat.ct_srv_cnt;
 mgr->stat_val[SSL_SVC_EV_CERT]=svc_stat.ev_srv_cnt;
 mgr->stat_val[SSL_SVC_APP_NOT_PINNING]=svc_stat.app_not_pinning_cnt;
+ mgr->stat_val[SSL_SVC_TRUSTED_CERT]=svc_stat.trusted_cert_cnt;
 for(i=0;ifs_handle, mgr->fs_id[i], 0, FS_OP_SET, ATOMIC_READ(&(mgr->stat_val[i])));
@@ -419,6 +423,8 @@ void ssl_stat_init(struct ssl_mgr * mgr)
 spec[SSL_SVC_EV_CERT]="ssl_ev_crt";
 spec[SSL_SVC_APP_NOT_PINNING]="app_no_pinning";
+ spec[SSL_SVC_TRUSTED_CERT]="trusted_cert_nums";
+
 for(i=0;isvc_cache)).stat.trusted_cert_cnt));
 return ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file);
 }
 int ssl_manager_del_trust_ca(struct ssl_mgr* mgr, const char* pem_file)
 {
+ ATOMIC_DEC(&((*(mgr->svc_cache)).stat.trusted_cert_cnt));
 return ssl_trusted_cert_storage_del(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file);
 }
 int ssl_manager_add_crl(struct ssl_mgr* mgr, const char* pem_file)
@@ -2050,6 +2058,7 @@ int ssl_manager_del_crl(struct ssl_mgr* mgr, const char* pem_file)
 }
 void ssl_manager_reset_trust_ca(struct ssl_mgr* mgr)
 {
+ ATOMIC_ZERO(&((*(mgr->svc_cache)).stat.trusted_cert_cnt));
 ssl_trusted_cert_storage_reset(mgr->trust_CA_store);
 return;
 }
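Review bot: The counter is adjusted before the trust-store call whose outcome it is meant to reflect, so a rejected or duplicate PEM in ssl_manager_add_trust_ca still increments `trusted_cert_cnt` and a failed delete in ssl_manager_del_trust_ca still decrements it (the reset hunk has the same ordering, which only matters if `ssl_trusted_cert_storage_reset` can fail). Capture the result first and adjust only on success — assuming 0 signals success, which the diff does not show — e.g. `int rc = ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CERT, pem_file);` / `if (rc == 0) ATOMIC_INC(&mgr->svc_cache->stat.trusted_cert_cnt);` / `return rc;`, and the mirror image for the delete. A metric exported as "trusted_cert_nums" is exactly what an operator would watch to notice unexpected trust-store changes, so it should not be allowed to drift from the store's real size. The diff shows no change to `ssl_service_cache_stat`; if that function copies fields individually rather than the whole struct, `svc_stat.trusted_cert_cnt` read in ssl_stream_gc_cb will never be filled and the new statistic will always report 0. The hunk header for the add/del_trust_ca change is lost in this rendering, and `mgr->svc_cache` is dereferenced without a null check in all three functions, which is fine only if the cache is always created before the manager is usable.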