diff --git a/lib/app.js b/lib/app.js
index ab0d8ce2..2d23eb32 100755
--- a/lib/app.js
+++ b/lib/app.js
@@ -28,6 +28,7 @@ var argv = require('optimist').argv;
 var LamassuConfig = require('lamassu-config');
 var atm = require('lamassu-atm-protocol');
 var format = require('util').format;
+var clientCertificateAuth = require('client-certificate-auth');
 var conString, dbConfig, config;
@@ -54,6 +55,17 @@ config.load(function(err, conf) {
 atm.init(app, conf.config);
 if (argv.https) {
+ app.use(clientCertificateAuth({ rejectUnauthorized: false }, function(cert, done) {
+ config.isAuthorized(cert.fingerprint, function(err, authorized) {
+ if (err) {
+ console.error('Client certificate authorization failed', err.message);
+ return done(false);
+ }
+
+ done(authorized);
+ });
+ }));
+
 var testkeys = path.join(__dirname, '..', 'testkeys');
 var privateKey = fs.readFileSync(path.join(testkeys, 'privatekey.pem'));
 var certificate = fs.readFileSync(path.join(testkeys, 'certificate.pem'));
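Review bot: The certificate check is registered with `app.use` after `atm.init(app, conf.config)` has already run, and Express runs handlers in registration order, so if `atm.init` defines the ATM routes on `app` (not visible in this hunk, please confirm) those requests may be answered before the fingerprint check is reached. Moving the `if (argv.https) { app.use(clientCertificateAuth(...)); }` registration above the `atm.init` call would close that gap. The `{ rejectUnauthorized: false }` option name suggests the CA-chain result is not enforced, which would make `config.isAuthorized(cert.fingerprint, ...)` the only gate. That is reasonable for pinned device certificates, but it relies on the HTTPS server created further down (outside the hunk) being set up with `requestCert: true`. Denials where `authorized` is false are not logged, so `if (!authorized) console.error('Rejected client certificate', cert.fingerprint);` before `done(authorized)` would leave an audit trail of unknown devices.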