diff --git a/docs/README.md b/docs/README.md
index 37feb5ab..2e39d67c 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -647,6 +647,10 @@ client[custom.http_options] = function (options) {
 // custom CA
 // options.https.ca = ca; // | | |
 
+ // use with .p12/.pfx files
+ // options.https.pfx = pfx; // | | | |
+ // options.https.passphrase = passphrase; //
+
 // use HTTP(S)_PROXY
 // https://github.com/sindresorhus/got/tree/v11.8.0#agent
 // options.agent = agent;
diff --git a/lib/helpers/request.js b/lib/helpers/request.js
index 87e66468..53022fe2 100644
--- a/lib/helpers/request.js
+++ b/lib/helpers/request.js
@@ -44,7 +44,7 @@ module.exports = async function request(options, { mTLS = false, DPoP } = {}) {
 mTLS
 && (
 (!opts.key || !opts.cert)
- && (!opts.https || !opts.https.key || !opts.https.certificate)
+ && (!opts.https || !((opts.https.key && opts.https.certificate) || opts.https.pfx))
 )
 ) {
 throw new TypeError('mutual-TLS certificate and key not set');
diff --git a/test/client/mtls.test.js b/test/client/mtls.test.js
index 23715cc6..81728203 100644
--- a/test/client/mtls.test.js
+++ b/test/client/mtls.test.js
@@ -1,3 +1,6 @@
+const fs = require('fs');
+const path = require('path');
+
 const { expect } = require('chai');
 const nock = require('nock');
 
@@ -78,6 +81,8 @@ Ym+FYK6KtEjrawUvE9CwzkoXiQbisQsGkp1sJxYDkDzW1jf50T3DOOCbGmW6bi7H
 2LZBr34osdcugbFGO07Y8gAiRrh+lbv1JBzALHt93QSVeN9mPNY=
 -----END RSA PRIVATE KEY-----`;
 
+const pfx = fs.readFileSync(path.join(__dirname, 'testcert.p12'));
+
 describe('mutual-TLS', () => {
 beforeEach(function () {
 this.client = new issuer.Client({
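Review bot: In lib/helpers/request.js the rewritten guard line `&& (!opts.https || !((opts.https.key && opts.https.certificate) || opts.https.pfx))` stacks two negations around a nested OR, which makes it hard to confirm at a glance that the check still fails closed when no client credential is configured. Because this is the check that keeps an mTLS-bound request from going out without a client certificate, naming the two accepted forms first would be easier to audit: `const hasPem = opts.https && opts.https.key && opts.https.certificate;` and `const hasPfx = opts.https && opts.https.pfx;`, then `&& !(hasPem || hasPfx)`. The TypeError text still says 'certificate and key' although a PKCS#12 bundle is now accepted; a short comment above the guard naming both forms, and stating that `passphrase` is not checked here, would cover that without changing the message the tests assert on. The enclosing function starts and ends outside the hunk.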
@@ -137,4 +142,22 @@ describe('mutual-TLS', () => {
 expect(err.message).to.eql('mutual-TLS certificate and key not set');
 }
 });
+
+ it('works with a PKCS#12 file and a passphrase', async function () {
+ this.client[custom.http_options] = (opts) => ({ ...opts, https: { pfx } });
+
+ nock('https://mtls.op.example.com')
+ .get('/me').reply(200, { sub: 'foo' });
+
+ await this.client.userinfo('foo');
+
+ delete this.client[custom.http_options];
+
+ try {
+ await this.client.userinfo('foo');
+ fail();
+ } catch (err) {
+ expect(err.message).to.eql('mutual-TLS certificate and key not set');
+ }
+ });
 });
diff --git a/test/client/testcert.p12 b/test/client/testcert.p12
new file mode 100644
index 00000000..12c66400
Binary files /dev/null and b/test/client/testcert.p12 differ
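Review bot: The new case is titled 'works with a PKCS#12 file and a passphrase', but the hook it installs returns `https: { pfx }` with no `passphrase`, and nock answers the request, so presumably the bundle is never opened by the TLS layer. What the test pins is that the presence check accepts `https.pfx` alone and rejects the call once the hook is deleted; a title such as `it('accepts https.pfx as the mutual-TLS client credential', ...)` would say that, or the hook could also set `passphrase` if the fixture is encrypted. `fail()` is not defined in the visible lines and presumably comes from elsewhere in the file; if it does not, the ReferenceError would still land in the catch and fail the message assertion, but with a confusing report.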