diff --git a/buckets/ssl_buckets.c b/buckets/ssl_buckets.c
index b01e535..596ab1c 100644
--- a/buckets/ssl_buckets.c
+++ b/buckets/ssl_buckets.c
@@ -638,10 +638,18 @@ validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
         failures |= SERF_SSL_CERT_UNKNOWN_FAILURE;
 
     /* Check certificate expiry dates. */
+#ifdef USE_OPENSSL_1_1_API
+    if (X509_cmp_current_time(X509_get0_notBefore(server_cert)) >= 0) {
+#else
     if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) {
+#endif
         failures |= SERF_SSL_CERT_NOTYETVALID;
     }
+#ifdef USE_OPENSSL_1_1_API
+    else if (X509_cmp_current_time(X509_get0_notAfter(server_cert)) <= 0) {
+#else
     else if (X509_cmp_current_time(X509_get_notAfter(server_cert)) <= 0) {
+#endif
         failures |= SERF_SSL_CERT_EXPIRED;
     }
 
@@ -681,7 +689,11 @@ validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
         apr_pool_create(&subpool, ctx->pool);
 
         /* Borrow the chain to pass to the callback. */
+#ifdef USE_OPENSSL_1_1_API
+        chain = X509_STORE_CTX_get0_chain(store_ctx);
+#else
         chain = X509_STORE_CTX_get_chain(store_ctx);
+#endif
 
         /* If the chain can't be retrieved, just pass the current
            certificate. */
@@ -1146,7 +1158,11 @@ static void init_ssl_libraries(void)
 #ifdef SSL_VERBOSE
         /* Warn when compile-time and run-time version of OpenSSL differ in
            major/minor version number. */
+#ifdef USE_OPENSSL_1_1_API
+        unsigned long libver = OpenSSL_version_num();
+#else
         long libver = SSLeay();
+#endif
 
         if ((libver ^ OPENSSL_VERSION_NUMBER) & 0xFFF00000) {
             serf__log(SSL_VERBOSE, __FILE__,
@@ -1160,11 +1176,11 @@ static void init_ssl_libraries(void)
         OPENSSL_malloc_init();
 #else
         CRYPTO_malloc_init();
-#endif
         ERR_load_crypto_strings();
         SSL_load_error_strings();
         SSL_library_init();
         OpenSSL_add_all_algorithms();
+#endif
 
 #if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
         numlocks = CRYPTO_num_locks();
@@ -1798,18 +1814,26 @@ apr_hash_t *serf_ssl_cert_certificate(
     /* set expiry dates */
     bio = BIO_new(BIO_s_mem());
     if (bio) {
-        ASN1_TIME *notBefore, *notAfter;
+        const ASN1_TIME *notBefore, *notAfter;
         char buf[256];
 
         memset (buf, 0, sizeof (buf));
+#ifdef USE_OPENSSL_1_1_API
+        notBefore = X509_get0_notBefore(cert->ssl_cert);
+#else
         notBefore = X509_get_notBefore(cert->ssl_cert);
+#endif
         if (ASN1_TIME_print(bio, notBefore)) {
             BIO_read(bio, buf, 255);
             apr_hash_set(tgt, "notBefore", APR_HASH_KEY_STRING,
                          apr_pstrdup(pool, buf));
         }
         memset (buf, 0, sizeof (buf));
+#ifdef USE_OPENSSL_1_1_API
+        notAfter = X509_get0_notAfter(cert->ssl_cert);
+#else
         notAfter = X509_get_notAfter(cert->ssl_cert);
+#endif
         if (ASN1_TIME_print(bio, notAfter)) {
             BIO_read(bio, buf, 255);
             apr_hash_set(tgt, "notAfter", APR_HASH_KEY_STRING,