diff --git a/openstack/connection.py b/openstack/connection.py
index 3f6515480..d70a46cc2 100644
--- a/openstack/connection.py
+++ b/openstack/connection.py
@@ -142,13 +142,19 @@ def from_config(cloud_name=None, cloud_config=None, options=None):
     if 'insecure' in cloud_config.config:
         auth['verify'] = not bool(cloud_config.config['insecure'])
 
+    cert = cloud_config.config.get('cert')
+    if cert:
+        key = cloud_config.config.get('key')
+        auth['cert'] = (cert, key) if key else cert
+
     return Connection(profile=prof, **auth)
 
 
 class Connection(object):
 
     def __init__(self, session=None, authenticator=None, profile=None,
-                 verify=True, user_agent=None, auth_plugin="password",
+                 verify=True, cert=None, user_agent=None,
+                 auth_plugin="password",
                  **auth_args):
         """Create a context for a connection to a cloud provider.
 
@@ -179,6 +185,11 @@ class Connection(object):
             this parameter will be used to create a transport.  If ``verify``
             is set to true, which is the default, the SSL cert will be
             verified.  It can also be set to a CA_BUNDLE path.
+        :param cert: If a transport is not provided to the connection then this
+            parameter will be used to create a transport. `cert` allows to
+            provide a client certificate file path or a tuple with client
+            certificate and key paths.
+        :type cert: str or tuple
         :param str user_agent: If a transport is not provided to the
             connection, this parameter will be used when creating a transport.
             The value given here will be prepended to the default, which is
@@ -196,7 +207,7 @@ class Connection(object):
                                                         **auth_args)
         self.profile = profile if profile else _profile.Profile()
         self.session = session if session else _session.Session(
-            self.profile, auth=self.authenticator, verify=verify,
+            self.profile, auth=self.authenticator, verify=verify, cert=cert,
             user_agent=user_agent)
         self._open()
 
diff --git a/openstack/tests/unit/test_connection.py b/openstack/tests/unit/test_connection.py
index 013794329..ecda73a3e 100644
--- a/openstack/tests/unit/test_connection.py
+++ b/openstack/tests/unit/test_connection.py
@@ -46,8 +46,8 @@ class TestConnection(base.TestCase):
         mock_profile = mock.Mock()
         mock_profile.get_services = mock.Mock(return_value=[])
         conn = connection.Connection(profile=mock_profile, authenticator='2',
-                                     verify=True, user_agent='1')
-        args = {'auth': '2', 'user_agent': '1', 'verify': True}
+                                     verify=True, cert='cert', user_agent='1')
+        args = {'auth': '2', 'user_agent': '1', 'verify': True, 'cert': 'cert'}
         mock_session_init.assert_called_with(mock_profile, **args)
         self.assertEqual(mock_session_init, conn.session)