diff --git a/certificates/0.0.8v/certs.sector b/certificates/0.0.9v/certs.sector
similarity index 100%
rename from certificates/0.0.8v/certs.sector
rename to certificates/0.0.9v/certs.sector
diff --git a/certificates/0.0.8v/otaboot.bin b/certificates/0.0.9v/otaboot.bin
similarity index 72%
rename from certificates/0.0.8v/otaboot.bin
rename to certificates/0.0.9v/otaboot.bin
index e074643..699c3ad 100644
Binary files a/certificates/0.0.8v/otaboot.bin and b/certificates/0.0.9v/otaboot.bin differ
diff --git a/certificates/0.0.8v/otamain.bin b/certificates/0.0.9v/otamain.bin
similarity index 72%
rename from certificates/0.0.8v/otamain.bin
rename to certificates/0.0.9v/otamain.bin
index dc4d4b3..d517b5c 100644
Binary files a/certificates/0.0.8v/otamain.bin and b/certificates/0.0.9v/otamain.bin differ
diff --git a/src/ota.c b/src/ota.c
index d98f0ed..8060184 100644
--- a/src/ota.c
+++ b/src/ota.c
@@ -350,36 +350,40 @@ void ota_set_verify(int onoff) {
 if (onoff) {
 printf("ON\n");
- verify=1;
- do {
- if (!spiflash_read(active_cert_sector+PKEYSIZE+(ret++), (byte *)abyte, 1)) {
- printf("error reading flash\n");
- break;
+ if (verify==0) {
+ verify= 1;
+ do {
+ if (!spiflash_read(active_cert_sector+PKEYSIZE+(ret++), (byte *)abyte, 1)) {
+ printf("error reading flash\n");
+ break;
+ }
+ } while (abyte[0]!=0xff); ret--;
+ printf("certs size: %d\n",ret);
+ byte *certs=malloc(ret);
+ spiflash_read(active_cert_sector+PKEYSIZE, (byte *)certs, ret);
+
+ ret=wolfSSL_CTX_load_verify_buffer(ctx, certs, ret, SSL_FILETYPE_PEM);
+ if ( ret != SSL_SUCCESS) {
+ printf("fail cert loading, return %d\n", ret);
 }
- } while (abyte[0]!=0xff); ret--;
- printf("certs size: %d\n",ret);
- byte *certs=malloc(ret);
- spiflash_read(active_cert_sector+PKEYSIZE, (byte *)certs, ret);
-
- ret=wolfSSL_CTX_load_verify_buffer(ctx, certs, ret, SSL_FILETYPE_PEM);
- if ( ret != SSL_SUCCESS) {
- printf("fail cert loading, return %d\n", ret);
+ free(certs);
+
+ time_t ts;
+ do {
+ ts = time(NULL);
+ if (ts == ((time_t)-1)) printf("ts=-1, ");
+ vTaskDelay(1);
+ } while (!(ts>1073741823)); //2^30-1 which is supposed to be like 2004
+ printf("TIME: %s", ctime(&ts)); //we need to have the clock right to check certificates
+
+ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
 }
- free(certs);
-
- time_t ts;
- do {
- ts = time(NULL);
- if (ts == ((time_t)-1)) printf("ts=-1, ");
- vTaskDelay(1);
- } while (!(ts>1073741823)); //2^30-1 which is supposed to be like 2004
- printf("TIME: %s", ctime(&ts)); //we need to have the clock right to check certificates
-
- wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
 } else {
 printf("OFF\n");
- verify=0;
- wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+ if (verify==1) {
+ verify= 0;
+ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+ }
 }
 }
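Review bot: The ON branch never checks `byte *certs=malloc(ret);` or the second `spiflash_read`, so a failed allocation hands a NULL buffer to the flash read and then to `wolfSSL_CTX_load_verify_buffer`; the read and the load should sit under `if (certs)`, and the read's return value should be tested like the one in the scan loop. The `0xff` scan itself has no upper bound, and after a read error the `break` still lets the partial count be used as the bundle length, so it should stop at the size of the certificate area and abandon the load on error. Because `verify= 1;` is assigned before any of this and the new `if (verify==0)` guard makes the path run only once, a failed load is never retried by a later `ota_set_verify(1)`. I would record a successful load separately from `verify` (set only when the result is `SSL_SUCCESS`) while still calling `wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL)` on failure, so the context fails closed rather than staying unverified. The declarations of `ret` and `abyte` and the definition of `verify` are outside this hunk, so the starting value of `ret` is assumed rather than seen.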