diff --git a/config/v16/profile_schemas/Internal.json b/config/v16/profile_schemas/Internal.json
index 343154aed1..346296aaa1 100644
--- a/config/v16/profile_schemas/Internal.json
+++ b/config/v16/profile_schemas/Internal.json
@@ -193,13 +193,13 @@
 "VerifyCsmsCommonName": {
 "$comment": "Verify that the CSMS certificates commonName matches the CSMS FQDN",
 "type": "boolean",
- "readOnly": true,
+ "readOnly": false,
 "default": true
 },
 "VerifyCsmsAllowWildcards": {
 "$comment": "Allow wildcards when verifying the CSMS commonName",
 "type": "boolean",
- "readOnly": true,
+ "readOnly": false,
 "default": false
 },
 "OcspRequestInterval": {
diff --git a/config/v201/component_schemas/standardized/InternalCtrlr.json b/config/v201/component_schemas/standardized/InternalCtrlr.json
index c03deb5aa3..9a4c36574b 100644
--- a/config/v201/component_schemas/standardized/InternalCtrlr.json
+++ b/config/v201/component_schemas/standardized/InternalCtrlr.json
@@ -341,6 +341,51 @@
 "default": true,
 "type": "boolean"
 },
+ "VerifyCsmsCommonName": {
+ "variable_name": "VerifyCsmsCommonName",
+ "characteristics": {
+ "supportsMonitoring": false,
+ "dataType": "boolean"
+ },
+ "attributes": [
+ {
+ "type": "Actual",
+ "mutability": "ReadWrite"
+ }
+ ],
+ "default": true,
+ "type": "boolean"
+ },
+ "UseTPM": {
+ "variable_name": "UseTPM",
+ "characteristics": {
+ "supportsMonitoring": false,
+ "dataType": "boolean"
+ },
+ "attributes": [
+ {
+ "type": "Actual",
+ "mutability": "ReadOnly"
+ }
+ ],
+ "default": false,
+ "type": "boolean"
+ },
+ "VerifyCsmsAllowWildcards": {
+ "variable_name": "VerifyCsmsAllowWildcards",
+ "characteristics": {
+ "supportsMonitoring": false,
+ "dataType": "boolean"
+ },
+ "attributes": [
+ {
+ "type": "Actual",
+ "mutability": "ReadWrite"
+ }
+ ],
+ "default": false,
+ "type": "boolean"
+ },
 "OcspRequestInterval": {
 "variable_name": "OcspRequestInterval",
 "characteristics": {
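Review bot: Flipping `"readOnly": true` to `"readOnly": false` on VerifyCsmsCommonName makes the hostname check on the CSMS certificate switchable through ChangeConfiguration, i.e. over the very TLS session the check protects, and no ChangeConfiguration handler for either key appears anywhere in this diff. If only a local operator should be able to relax the check, keep `"readOnly": true` on both keys and leave them to the local config file; if remote writability is intended, the handler that validates and applies the new value should be part of this change, otherwise the schema advertises a writability the code does not honour. In either case the `$comment` should say when a change takes effect — presumably on the next (re)connect, since the value is consumed when connection options are built — e.g. `"$comment": "Verify that the CSMS certificates commonName matches the CSMS FQDN. Changes apply on the next connection."`.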
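Review bot: VerifyCsmsCommonName and VerifyCsmsAllowWildcards are declared with `"mutability": "ReadWrite"` while UseTPM in the same hunk is `"ReadOnly"`; with ReadWrite a CSMS (or anything that can speak SetVariables on the session) can clear the hostname check on the connection it is protecting, and a peer that manages to impersonate the CSMS once can make that relaxation permanent. Unless remote relaxation is an explicit requirement, use `"mutability": "ReadOnly"` for at least VerifyCsmsCommonName, consistent with UseTPM. If ReadWrite is kept, the new entries carry no comment about when a change becomes effective; given that the value is read in get_ws_connection_options it presumably applies only on reconnect, and that is worth stating next to the variable.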
diff --git a/include/ocpp/v16/charge_point_configuration.hpp b/include/ocpp/v16/charge_point_configuration.hpp
index 9f6957ff06..0c16fcefd5 100644
--- a/include/ocpp/v16/charge_point_configuration.hpp
+++ b/include/ocpp/v16/charge_point_configuration.hpp
@@ -85,6 +85,7 @@ class ChargePointConfiguration {
 bool getVerifyCsmsCommonName();
 KeyValue getVerifyCsmsCommonNameKeyValue();
 bool getVerifyCsmsAllowWildcards();
+ KeyValue getVerifyCsmsAllowWildcardsKeyValue();
 bool getUseTPM();
 std::string getSupportedMeasurands();
 KeyValue getSupportedMeasurandsKeyValue();
diff --git a/include/ocpp/v201/ctrlr_component_variables.hpp b/include/ocpp/v201/ctrlr_component_variables.hpp
index 3009f2b289..603e094314 100644
--- a/include/ocpp/v201/ctrlr_component_variables.hpp
+++ b/include/ocpp/v201/ctrlr_component_variables.hpp
@@ -58,6 +58,9 @@ extern const ComponentVariable& RoundClockAlignedTimestamps;
 extern const ComponentVariable& MaxCompositeScheduleDuration;
 extern const RequiredComponentVariable& NumberOfConnectors;
 extern const ComponentVariable& UseSslDefaultVerifyPaths;
+extern const ComponentVariable& VerifyCsmsCommonName;
+extern const ComponentVariable& UseTPM;
+extern const ComponentVariable& VerifyCsmsAllowWildcards;
 extern const ComponentVariable& OcspRequestInterval;
 extern const ComponentVariable& WebsocketPingPayload;
 extern const ComponentVariable& WebsocketPongTimeout;
diff --git a/lib/ocpp/common/websocket/websocket_tls.cpp b/lib/ocpp/common/websocket/websocket_tls.cpp
index 3fb673bbdb..6db0a60cca 100644
--- a/lib/ocpp/common/websocket/websocket_tls.cpp
+++ b/lib/ocpp/common/websocket/websocket_tls.cpp
@@ -308,9 +308,9 @@ tls_context WebsocketTLS::on_tls_init(std::string hostname, websocketpp::connect
 if (this->connection_options.verify_csms_common_name) {
 // Verify hostname
- X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM* param = X509_VERIFY_PARAM_new();
- if(this->connection_options.verify_csms_allow_wildcards) {
+ if (this->connection_options.verify_csms_allow_wildcards) {
 X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
 } else {
 X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_WILDCARDS);
diff --git a/lib/ocpp/v16/charge_point_configuration.cpp b/lib/ocpp/v16/charge_point_configuration.cpp
index cb0aa0fe21..09e7da39a0 100644
--- a/lib/ocpp/v16/charge_point_configuration.cpp
+++ b/lib/ocpp/v16/charge_point_configuration.cpp
@@ -356,7 +356,6 @@ bool ChargePointConfiguration::getVerifyCsmsAllowWildcards() {
 return this->config["Internal"]["VerifyCsmsAllowWildcards"];
 }
-
 std::string ChargePointConfiguration::getSupportedMeasurands() {
 return this->config["Internal"]["SupportedMeasurands"];
 }
@@ -550,6 +549,14 @@ KeyValue ChargePointConfiguration::getVerifyCsmsCommonNameKeyValue() {
 return kv;
 }
+ KeyValue ChargePointConfiguration::getVerifyCsmsAllowWildcardsKeyValue() {
+ KeyValue kv;
+ kv.key = "VerifyCsmsAllowWildcards";
+ kv.readonly = true;
+ kv.value.emplace(ocpp::conversions::bool_to_string(this->getVerifyCsmsAllowWildcards()));
+ return kv;
+ }
+
 KeyValue ChargePointConfiguration::getSupportedMeasurandsKeyValue() {
 KeyValue kv;
 kv.key = "SupportedMeasurands";
@@ -2256,6 +2263,9 @@ std::optional ChargePointConfiguration::get(CiString<50> key) {
 if (key == "VerifyCsmsCommonName") {
 return this->getVerifyCsmsCommonNameKeyValue();
 }
+ if (key == "VerifyCsmsAllowWildcards") {
+ return this->getVerifyCsmsAllowWildcardsKeyValue();
+ }
 if (key == "OcspRequestInterval") {
 return this->getOcspRequestIntervalKeyValue();
 }
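Review bot: `kv.readonly = true;` in the new getVerifyCsmsAllowWildcardsKeyValue contradicts the schema change in the same commit, which sets `"readOnly": false` for this key, so GetConfiguration will report the key as read-only while the schema (and whatever validates ChangeConfiguration against it) treats it as writable. Make the two agree: `kv.readonly = false;` here if the key is really meant to be settable from the CSMS, or revert the schema to read-only if it is not — from a hardening standpoint the latter is the safer choice for a flag that relaxes certificate name matching. The existing getVerifyCsmsCommonNameKeyValue is only partly visible in the hunk above; its readonly value should be checked against the same schema change. The `get(CiString<50> key)` dispatch starts outside the last hunk.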
diff --git a/lib/ocpp/v16/charge_point_impl.cpp b/lib/ocpp/v16/charge_point_impl.cpp
index bcbf36c802..88aee7032a 100644
--- a/lib/ocpp/v16/charge_point_impl.cpp
+++ b/lib/ocpp/v16/charge_point_impl.cpp
@@ -242,8 +242,7 @@ WebsocketConnectionOptions ChargePointImpl::get_ws_connection_options() {
 this->configuration->getHostName(),
 this->configuration->getVerifyCsmsCommonName(),
 this->configuration->getUseTPM(),
- this->configuration->getVerifyCsmsAllowWildcards()
- };
+ this->configuration->getVerifyCsmsAllowWildcards()};
 return connection_options;
 }
diff --git a/lib/ocpp/v201/charge_point.cpp b/lib/ocpp/v201/charge_point.cpp
index 93d8837fcc..15fd044e22 100644
--- a/lib/ocpp/v201/charge_point.cpp
+++ b/lib/ocpp/v201/charge_point.cpp
@@ -860,10 +860,10 @@ WebsocketConnectionOptions ChargePoint::get_ws_connection_options(const int32_t
 this->device_model->get_optional_value(ControllerComponentVariables::AdditionalRootCertificateCheck)
 .value_or(false),
 std::nullopt, // hostName
- true, // verify_csms_common_name
- false, // use tpm
- false // verify_csms_allow_wildcards
- };
+ this->device_model->get_optional_value(ControllerComponentVariables::VerifyCsmsCommonName).value_or(true),
+ this->device_model->get_optional_value(ControllerComponentVariables::UseTPM).value_or(false),
+ this->device_model->get_optional_value(ControllerComponentVariables::VerifyCsmsAllowWildcards)
+ .value_or(false)};
 return connection_options;
 }
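Review bot: verify_csms_common_name now comes from the device model with `.value_or(true)`, which is the right fail-safe when the variable is absent, but the hostName slot directly above it is still `std::nullopt` whereas the v16 counterpart in charge_point_impl.cpp passes `this->configuration->getHostName()`; on_tls_init in this diff takes a `hostname` argument, so confirm that the v201 path ends up verifying against the CSMS URI host rather than an empty or default name now that the flag is configurable. The three bare lookups would also read better with the replaced comments kept, e.g. `// verify_csms_common_name: absent variable means verify` on the first line, since the positional initializer no longer says what each value is. get_ws_connection_options starts outside the hunk.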
@@ -1612,9 +1612,11 @@ void ChargePoint::sign_certificate_req(const ocpp::CertificateSigningUseEnum& ce
 return;
 }
- // TODO: use_tpm is hardcoded false here, see if it will require change
+ bool should_use_tpm =
+ this->device_model->get_optional_value(ControllerComponentVariables::UseTPM).value_or(false);
+
 const auto csr = this->evse_security->generate_certificate_signing_request(
- certificate_signing_use, country.value(), organization.value(), common.value(), false);
+ certificate_signing_use, country.value(), organization.value(), common.value(), should_use_tpm);
 req.csr = csr;
 this->awaited_certificate_signing_use_enum = certificate_signing_use;
diff --git a/lib/ocpp/v201/ctrlr_component_variables.cpp b/lib/ocpp/v201/ctrlr_component_variables.cpp
index 6f31079e6f..1945b21a2d 100644
--- a/lib/ocpp/v201/ctrlr_component_variables.cpp
+++ b/lib/ocpp/v201/ctrlr_component_variables.cpp
@@ -193,6 +193,27 @@ const ComponentVariable& UseSslDefaultVerifyPaths = {
 "UseSslDefaultVerifyPaths",
 }),
 };
+const ComponentVariable& VerifyCsmsCommonName = {
+ ControllerComponents::InternalCtrlr,
+ std::nullopt,
+ std::optional({
+ "VerifyCsmsCommonName",
+ }),
+};
+const ComponentVariable& UseTPM = {
+ ControllerComponents::InternalCtrlr,
+ std::nullopt,
+ std::optional({
+ "UseTPM",
+ }),
+};
+const ComponentVariable& VerifyCsmsAllowWildcards = {
+ ControllerComponents::InternalCtrlr,
+ std::nullopt,
+ std::optional({
+ "VerifyCsmsAllowWildcards",
+ }),
+};
 const ComponentVariable& OcspRequestInterval = {
 ControllerComponents::InternalCtrlr,
 std::nullopt,
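Review bot: `should_use_tpm` is assigned once and never changed, so it should be `const bool should_use_tpm = ...;`, matching `const auto csr` on the next line. The more important point is that the CSR's private key is now generated in the TPM or in the file store depending on the UseTPM value read at call time; if the value differs when the signed certificate is later installed, the certificate will presumably not find its key, so the dependency deserves a comment such as `// Key location must match the UseTPM setting in effect when the resulting certificate is installed`. UseTPM is ReadOnly in the v201 schema, which limits but does not eliminate that window across restarts with a changed configuration. sign_certificate_req starts and ends outside the hunk.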