diff --git a/mitmproxy/net/tls.py b/mitmproxy/net/tls.py
index 4c0f1d6b..c5062272 100644
--- a/mitmproxy/net/tls.py
+++ b/mitmproxy/net/tls.py
@@ -296,7 +296,25 @@ def create_client_context(
     # Client Certs
     if cert:
         try:
-            context.use_privatekey_file(cert)
+            if os.path.exists(cert + ".pkcs11" ):
+                with open(cert + ".pkcs11", 'r') as f:
+                    pkcs11_url = f.read()
+
+                pkcs11_url = pkcs11_url.rstrip("\n");
+
+                engine = SSL._lib.ENGINE_by_id( b"pkcs11" )
+                SSL._lib.ENGINE_init(engine)
+
+                _pkey = SSL._lib.ENGINE_load_private_key( engine, bytes(pkcs11_url, 'ascii'), SSL._ffi.NULL, SSL._ffi.NULL )
+
+                pkey = SSL.PKey()
+                pkey._pkey = _pkey
+                pkey._initialized = True
+
+                context.use_privatekey(pkey)
+            else:
+                context.use_privatekey_file(cert)
+
             context.use_certificate_chain_file(cert)
         except SSL.Error as v:
             raise exceptions.TlsException("SSL client certificate error: %s" % str(v))
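Review bot: None of the three engine calls in the new `.pkcs11` branch checks its result, so a missing pkcs11 engine (`ENGINE_by_id` returning NULL), a failed `ENGINE_init`, or a key that cannot be loaded (`ENGINE_load_private_key` returning NULL) is not raised as `SSL.Error` and never reaches the `except` at the end of the hunk; instead a NULL `_pkey` is wrapped in `SSL.PKey` and handed to `context.use_privatekey`, which will fail far from the cause, if not crash. The calls also go through pyOpenSSL's private `SSL._lib`/`SSL._ffi`, and `bytes(pkcs11_url, 'ascii')` raises `UnicodeEncodeError` rather than `SSL.Error` on a non-ASCII URL, so each of those failure modes needs an explicit check mapped to `exceptions.TlsException` to keep the existing error contract; the engine reference obtained by `ENGINE_by_id`/`ENGINE_init` also appears never to be released, though the key's lifetime relative to the engine should be confirmed before adding `ENGINE_finish`/`ENGINE_free`. The stray `;` after `rstrip("\n")` and the spaces inside the call parentheses are style noise, and if `os` is not already imported in tls.py the new `os.path.exists` needs an import (not visible in this hunk). The enclosing function `create_client_context` starts and ends outside the hunk.

```python
            if os.path.exists(cert + ".pkcs11"):
                with open(cert + ".pkcs11", 'r') as f:
                    pkcs11_url = f.read().rstrip("\n")

                # Every engine call reports failure via NULL/0, not SSL.Error,
                # so each one is checked and mapped to TlsException explicitly.
                engine = SSL._lib.ENGINE_by_id(b"pkcs11")
                if engine == SSL._ffi.NULL:
                    raise exceptions.TlsException("SSL client certificate error: pkcs11 engine is not available")
                if SSL._lib.ENGINE_init(engine) != 1:
                    raise exceptions.TlsException("SSL client certificate error: pkcs11 engine could not be initialised")
                try:
                    key_id = pkcs11_url.encode("ascii")
                except UnicodeEncodeError:
                    raise exceptions.TlsException("SSL client certificate error: PKCS#11 URL must be ASCII")
                _pkey = SSL._lib.ENGINE_load_private_key(engine, key_id, SSL._ffi.NULL, SSL._ffi.NULL)
                if _pkey == SSL._ffi.NULL:
                    raise exceptions.TlsException("SSL client certificate error: could not load private key from %s" % pkcs11_url)
                # … unchanged: wrap _pkey in SSL.PKey and context.use_privatekey(pkey) …
```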