diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index aff2342fcd..73a13d519f 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -1,8 +1,16 @@ idf_build_get_property(idf_target IDF_TARGET) idf_build_get_property(python PYTHON) -idf_component_register(SRCS "esp_crt_bundle/esp_crt_bundle.c" - INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include" +set(mbedtls_srcs "") +set(mbedtls_include_dirs "port/include" "mbedtls/include") + +if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) + list(APPEND mbedtls_srcs "esp_crt_bundle/esp_crt_bundle.c") + list(APPEND mbedtls_include_dirs "esp_crt_bundle/include") +endif() + +idf_component_register(SRCS "${mbedtls_srcs}" + INCLUDE_DIRS "${mbedtls_include_dirs}" REQUIRES lwip PRIV_REQUIRES esp_pm soc ) @@ -181,7 +189,14 @@ endif() set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_LIBRARIES mbedtls) # Link mbedtls libraries to component library -target_link_libraries(${COMPONENT_LIB} PUBLIC ${mbedtls_targets}) +if(mbedtls_srcs STREQUAL "") + # For no sources in component library we must use "INTERFACE" + set(linkage_type INTERFACE) +else() + set(linkage_type PUBLIC) +endif() + +target_link_libraries(${COMPONENT_LIB} ${linkage_type} ${mbedtls_targets}) if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL) # Link target (e.g. esp32s2) library to component library 
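Review bot: Dropping `esp_crt_bundle/include` from `INCLUDE_DIRS` when `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE` is off turns every unguarded `#include "esp_crt_bundle.h"` in other components into a compile error, and this commit only guards the two examples it touches. Users outside the diff cannot be checked from here and should be audited. Failing at compile time is the safe outcome for code that expects bundle-based verification, so the change itself is sound. The new `if()` block would benefit from a comment stating the consequence, e.g. `# Without the bundle this component has no sources of its own and is registered as an INTERFACE library`.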
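Review bot: `if(mbedtls_srcs STREQUAL "")` relies on `if()` dereferencing a bare variable name; `if("${mbedtls_srcs}" STREQUAL "")` states the intent and also gives the right answer if the variable is ever left unset. `linkage_type` is reused by the two `target_link_libraries` calls in the following hunk, but any other command in this file that passes `PUBLIC` or `PRIVATE` to `${COMPONENT_LIB}` outside the visible hunks would still fail on an INTERFACE library and needs the same treatment. The comment could also say why: `# idf_component_register() creates an INTERFACE library when SRCS is empty, and CMake only accepts the INTERFACE keyword on such targets`. The `if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL)` block opened at the end of this hunk continues in the next one.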
@@ -189,11 +204,11 @@ if(CONFIG_ESP_TLS_USE_DS_PERIPHERAL) set_property(TARGET mbedcrypto APPEND PROPERTY INTERFACE_LINK_LIBRARIES $) # The linker seems to be unable to resolve all the dependencies without increasing this set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_MULTIPLICITY 6) - target_link_libraries(${COMPONENT_LIB} PUBLIC ${target_lib}) + target_link_libraries(${COMPONENT_LIB} ${linkage_type} ${target_lib}) endif() # Link esp-cryptoauthlib to mbedtls if(CONFIG_ATCA_MBEDTLS_ECDSA) idf_component_get_property(cryptoauthlib esp-cryptoauthlib COMPONENT_LIB) - target_link_libraries(${COMPONENT_LIB} PUBLIC ${cryptoauthlib}) + target_link_libraries(${COMPONENT_LIB} ${linkage_type} ${cryptoauthlib}) endif() diff --git a/examples/protocols/esp_http_client/main/esp_http_client_example.c b/examples/protocols/esp_http_client/main/esp_http_client_example.c index d53b297a02..d1df4a2a12 100644 --- a/examples/protocols/esp_http_client/main/esp_http_client_example.c +++ b/examples/protocols/esp_http_client/main/esp_http_client_example.c @@ -18,6 +18,9 @@ #include "esp_netif.h" #include "protocol_examples_common.h" #include "esp_tls.h" +#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE +#include "esp_crt_bundle.h" +#endif #include "esp_http_client.h" @@ -366,12 +369,13 @@ static void http_auth_digest(void) esp_http_client_cleanup(client); } +#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE static void https_with_url(void) { esp_http_client_config_t config = { .url = "https://www.howsmyssl.com", .event_handler = _http_event_handler, - .cert_pem = howsmyssl_com_root_cert_pem_start, + .crt_bundle_attach = esp_crt_bundle_attach, }; esp_http_client_handle_t client = esp_http_client_init(&config); esp_err_t err = esp_http_client_perform(client); @@ -385,6 +389,7 @@ static void https_with_url(void) } esp_http_client_cleanup(client); } +#endif // CONFIG_MBEDTLS_CERTIFICATE_BUNDLE static void https_with_hostname_path(void) { 
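Review bot: With `https_with_url()` compiled out whenever the bundle is disabled, the example drops this verified-HTTPS case entirely instead of falling back to the pinned root it used before; the same applies to `http_partial_download()` in the `@@ -637,12` hunk with `dl_espressif_com_root_cert_pem_start`. The removed `.cert_pem` line could stay as the `#else` branch of the initializer, which would make the outer `#if`/`#endif` around the function and its call site unnecessary; the diff does not remove the symbol's declaration, so it is presumably still embedded. A short comment is also worth adding, since `esp_crt_bundle_attach` trusts every CA in the configured bundle, a wider set of trust anchors than the single pinned root that readers copying the example had before. The function body ends in the next hunk.

```c
    esp_http_client_config_t config = {
        // … unchanged: .url, .event_handler …
#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
        // Trusts every CA in the configured bundle rather than one pinned root.
        .crt_bundle_attach = esp_crt_bundle_attach,
#else
        .cert_pem = howsmyssl_com_root_cert_pem_start,
#endif
    };
```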
@@ -637,12 +642,13 @@ static void http_native_request(void) esp_http_client_cleanup(client); } +#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE static void http_partial_download(void) { esp_http_client_config_t config = { .url = "https://dl.espressif.com/dl/esp-idf/ci/esp_http_client_demo.txt", .event_handler = _http_event_handler, - .cert_pem = dl_espressif_com_root_cert_pem_start, + .crt_bundle_attach = esp_crt_bundle_attach, }; esp_http_client_handle_t client = esp_http_client_init(&config); @@ -681,6 +687,7 @@ static void http_partial_download(void) esp_http_client_cleanup(client); } +#endif // CONFIG_MBEDTLS_CERTIFICATE_BUNDLE static void http_test_task(void *pvParameters) { @@ -693,7 +700,9 @@ static void http_test_task(void *pvParameters) http_auth_digest(); http_relative_redirect(); http_absolute_redirect(); +#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE https_with_url(); +#endif https_with_hostname_path(); http_redirect_to_https(); http_download_chunk(); @@ -701,7 +710,9 @@ static void http_test_task(void *pvParameters) https_async(); https_with_invalid_url(); http_native_request(); +#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE http_partial_download(); +#endif ESP_LOGI(TAG, "Finish http example"); vTaskDelete(NULL); diff --git a/examples/protocols/https_request/main/https_request_example_main.c b/examples/protocols/https_request/main/https_request_example_main.c index d333145953..cf87b33dd3 100644 --- a/examples/protocols/https_request/main/https_request_example_main.c +++ b/examples/protocols/https_request/main/https_request_example_main.c 
@@ -5,22 +5,13 @@ * * Adapted from the ssl_client1 example in mbedtls. * - * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License. - * Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License. + * SPDX-FileCopyrightText: 2006-2016 ARM Limited, All Rights Reserved * + * SPDX-License-Identifier: Apache-2.0 * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-FileContributor: 2015-2022 Espressif Systems (Shanghai) CO LTD */ + #include #include #include "freertos/FreeRTOS.h" @@ -41,7 +32,9 @@ #include "lwip/dns.h" #include "esp_tls.h" +#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE #include "esp_crt_bundle.h" +#endif /* Constants that aren't configurable in menuconfig */ #define WEB_SERVER "www.howsmyssl.com" @@ -134,6 +127,7 @@ exit: } } +#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE static void https_get_request_using_crt_bundle(void) { ESP_LOGI(TAG, "https_request using crt bundle"); @@ -142,6 +136,7 @@ static void https_get_request_using_crt_bundle(void) }; https_get_request(cfg); } +#endif // CONFIG_MBEDTLS_CERTIFICATE_BUNDLE static void https_get_request_using_cacert_buf(void) { @@ -173,7 +168,9 @@ static void https_request_task(void *pvparameters) { ESP_LOGI(TAG, "Start https_request example"); +#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE https_get_request_using_crt_bundle(); +#endif https_get_request_using_cacert_buf(); https_get_request_using_global_ca_store(); 
diff --git a/tools/test_apps/system/build_test/sdkconfig.ci.no_esp_cert_bundle b/tools/test_apps/system/build_test/sdkconfig.ci.no_esp_cert_bundle
new file mode 100644
index 0000000000..990777a89e
--- /dev/null
+++ b/tools/test_apps/system/build_test/sdkconfig.ci.no_esp_cert_bundle
@@ -0,0 +1 @@
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
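Review bot: This configuration only shows that the build_test app configures and links with the bundle disabled; nothing visible in this diff builds the two modified examples with `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n`, so their new `#if` paths appear to go uncompiled in CI. It also leaves the `linkage_type` branches under `CONFIG_ESP_TLS_USE_DS_PERIPHERAL` and `CONFIG_ATCA_MBEDTLS_ECDSA` unexercised in INTERFACE mode unless another CI configuration outside this diff covers them. A matching `sdkconfig.ci` variant for the examples would close the first gap.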