diff --git a/changelog b/changelog
index a945fc24abffac17c99e45cb634e3f6b43b43ecd..e3166c2aea61721c566b76903675a4e89b14b1d5 100644
--- a/changelog
+++ b/changelog
@@ -1,6 +1,17 @@
 Changelog
 ---------
 
+(post-1.3)
+==========
+
+User api additions
+------------------
+
+There's a new member in the info struct used to control context creation,
+ssl_private_key_password, which allows passing into lws the passphrase on
+an SSL cetificate
+
+
 v1.3-chrome37-firefox30
 =======================
 
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 0bb67f57bcfd8b5452d38e60e531e3133524cf3a..ea40fa1f7f00e65bfe107cfd6ba0b89990dc6c50 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -955,7 +955,8 @@ struct lws_context_creation_info {
 	const char *iface;
 	struct libwebsocket_protocols *protocols;
 	struct libwebsocket_extension *extensions;
-    struct lws_token_limits *token_limits;
+	struct lws_token_limits *token_limits;
+	const char *ssl_private_key_password;
 	const char *ssl_cert_filepath;
 	const char *ssl_private_key_filepath;
 	const char *ssl_ca_filepath;
diff --git a/lib/ssl.c b/lib/ssl.c
index 940e00df9ee8028d1f834ad2f82347e0340a1436..7bebacfc463a9e1c28503de8fb3470b2ecc5fadb 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -223,6 +223,23 @@ libwebsockets_decode_ssl_error(void)
 }
 
 #ifndef LWS_NO_CLIENT
+static int lws_context_init_client_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void * userdata)
+{
+	struct lws_context_creation_info * info = (struct lws_context_creation_info *)userdata;
+   
+	const int passLen = (int)strlen(info->ssl_private_key_password);
+	const int minimumLen = passLen < size ? passLen : size;
+	strncpy(buf, info->ssl_private_key_password, minimumLen);
+   
+	if (minimumLen < size)
+	{
+		buf[minimumLen] = '\0';
+       return minimumLen;
+   }
+   
+    return minimumLen;
+}
+
 int lws_context_init_client_ssl(struct lws_context_creation_info *info,
 			    struct libwebsocket_context *context)
 {
@@ -306,10 +323,22 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
 		}
 	} 
 	if (info->ssl_private_key_filepath) {
+		/* check for provided by user password to private key */
+		if (info->ssl_private_key_password) {
+		/* 
+		 * password provided, set ssl callback and user data
+		 * for checking password which will be trigered during
+		 * SSL_CTX_use_PrivateKey_file function
+		 */
+			SSL_CTX_set_default_passwd_cb_userdata(
+					context->ssl_client_ctx,
+						  (void *)info);
+			SSL_CTX_set_default_passwd_cb(context->ssl_client_ctx,
+				lws_context_init_client_ssl_pem_passwd_cb);
+		}
 		/* set the private key from KeyFile */
 		if (SSL_CTX_use_PrivateKey_file(context->ssl_client_ctx,
-			     info->ssl_private_key_filepath,
-					       SSL_FILETYPE_PEM) != 1) {
+		    info->ssl_private_key_filepath, SSL_FILETYPE_PEM) != 1) {
 			lwsl_err("use_PrivateKey_file '%s' %lu: %s\n",
 				info->ssl_private_key_filepath,
 				ERR_get_error(),