diff --git a/microscript/ILibDuktape_Helpers.c b/microscript/ILibDuktape_Helpers.c
index 926f08b..a902b01 100644
--- a/microscript/ILibDuktape_Helpers.c
+++ b/microscript/ILibDuktape_Helpers.c
@@ -105,13 +105,14 @@ void *Duktape_GetHeapptrProperty(duk_context *ctx, duk_idx_t i, char* propertyNa
 }
 return retVal;
 }
-void *Duktape_GetBufferProperty(duk_context *ctx, duk_idx_t i, char* propertyName)
+void *Duktape_GetBufferPropertyEx(duk_context *ctx, duk_idx_t i, char* propertyName, duk_size_t* bufferLen)
 {
 void *retVal = NULL;
+ if (bufferLen != NULL) { *bufferLen = 0; }
 if (duk_has_prop_string(ctx, i, propertyName))
 {
 duk_get_prop_string(ctx, i, propertyName); // [prop]
- retVal = (void*)Duktape_GetBuffer(ctx, -1, NULL);
+ retVal = (void*)Duktape_GetBuffer(ctx, -1, bufferLen);
 duk_pop(ctx); // ...
 }
 return(retVal);
diff --git a/microscript/ILibDuktape_Helpers.h b/microscript/ILibDuktape_Helpers.h
index 884a8bb..036db90 100644
--- a/microscript/ILibDuktape_Helpers.h
+++ b/microscript/ILibDuktape_Helpers.h
@@ -57,7 +57,8 @@ char* Duktape_GetStringPropertyValueEx(duk_context *ctx, duk_idx_t i, char* prop
 int Duktape_GetIntPropertyValue(duk_context *ctx, duk_idx_t i, char* propertyName, int defaultValue);
 void *Duktape_GetPointerProperty(duk_context *ctx, duk_idx_t i, char* propertyName);
 void *Duktape_GetHeapptrProperty(duk_context *ctx, duk_idx_t i, char* propertyName);
-void *Duktape_GetBufferProperty(duk_context *ctx, duk_idx_t i, char* propertyName);
+void *Duktape_GetBufferPropertyEx(duk_context *ctx, duk_idx_t i, char* propertyName, duk_size_t* bufferLen);
+#define Duktape_GetBufferProperty(ctx, i, propertyName) Duktape_GetBufferPropertyEx(ctx, i, propertyName, NULL)
 int Duktape_GetBooleanProperty(duk_context *ctx, duk_idx_t i, char *propertyName, int defaultValue);
 struct sockaddr_in6* Duktape_IPAddress4_FromString(char* address, unsigned short port);
 struct sockaddr_in6* Duktape_IPAddress6_FromString(char* address, unsigned short port);
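Review bot: `Duktape_GetBufferPropertyEx` hands back the buffer pointer and `*bufferLen` after `duk_pop(ctx)`, and nothing documents that both describe memory still owned by the Duktape value. I would add a comment above the function such as `// Returns a borrowed pointer into the property's buffer (NULL, *bufferLen = 0 when the property is absent); valid only while the owning object stays reachable`. Callers that keep the pointer or cast the length, as the new `loadCertificate` code in ILibDuktape_net.c does, depend on that contract. The function's closing brace lies outside this hunk.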
diff --git a/microscript/ILibDuktape_net.c b/microscript/ILibDuktape_net.c
index 1118cea..f2a131e 100644
--- a/microscript/ILibDuktape_net.c
+++ b/microscript/ILibDuktape_net.c
@@ -82,6 +82,7 @@ int ILibDuktape_TLS_ctx2server = -1;
 #define ILibDuktape_SERVER2OPTIONS "\xFF_ServerToOptions"
 #define ILibDuktape_SERVER2LISTENOPTIONS "\xFF_ServerToListenOptions"
 #define ILibDuktape_TLSSocket2SecureContext "\xFF_TLSSocket2SecureContext"
+#define ILibDuktape_TLS_util_cert "\xFF_TLS_util_cert"
 extern void ILibAsyncServerSocket_RemoveFromChain(ILibAsyncServerSocket_ServerModule serverModule);
@@ -1554,6 +1555,46 @@ duk_ret_t ILibDuktape_TLS_generateRandomInteger(duk_context *ctx)
 BN_CTX_free(binctx);
 return(1);
 }
+duk_ret_t ILibDuktape_TLS_loadCertificate_finalizer(duk_context *ctx)
+{
+ struct util_cert *cert = (struct util_cert*)Duktape_GetBufferProperty(ctx, 0, ILibDuktape_TLS_util_cert);
+ util_freecert(cert);
+ return(0);
+}
+duk_ret_t ILibDuktape_TLS_loadCertificate_getKeyHash(duk_context *ctx)
+{
+ duk_push_this(ctx);
+ struct util_cert *cert = (struct util_cert*)Duktape_GetBufferProperty(ctx, -1, ILibDuktape_TLS_util_cert);
+ char *hash = duk_push_fixed_buffer(ctx, UTIL_SHA384_HASHSIZE);
+ duk_push_buffer_object(ctx, -1, 0, UTIL_SHA384_HASHSIZE, DUK_BUFOBJ_NODEJS_BUFFER);
+ util_keyhash(cert[0], hash);
+ return(1);
+}
+duk_ret_t ILibDuktape_TLS_loadCertificate(duk_context *ctx)
+{
+ duk_size_t pfxLen;
+ char *pfx = Duktape_GetBufferPropertyEx(ctx, 0, "pfx", &pfxLen);
+
+ if (pfx != NULL)
+ {
+ duk_push_object(ctx);
+ ILibDuktape_WriteID(ctx, "tls.certificate");
+ struct util_cert *cert = (struct util_cert*)Duktape_PushBuffer(ctx, sizeof(struct util_cert));
+ duk_put_prop_string(ctx, -2, ILibDuktape_TLS_util_cert);
+ if (util_from_p12(pfx, (int)pfxLen, Duktape_GetStringPropertyValue(ctx, 0, "passphrase", NULL), cert) == 0)
+ {
+ // Failed to load certificate
+ return(ILibDuktape_Error(ctx, "tls.loadCertificate(): Invalid passphrase"));
+ }
+ ILibDuktape_CreateFinalizer(ctx, ILibDuktape_TLS_loadCertificate_finalizer);
+ ILibDuktape_CreateInstanceMethod(ctx, "getKeyHash", ILibDuktape_TLS_loadCertificate_getKeyHash, 0);
+ return(1);
+ }
+ else
+ {
+ return(ILibDuktape_Error(ctx, "tls.loadCertificate(): pfx not specified"));
+ }
+}
 void ILibDuktape_tls_PUSH(duk_context *ctx, void *chain)
 {
 duk_push_object(ctx); // [TLS]
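Review bot: `ILibDuktape_TLS_loadCertificate_getKeyHash` dereferences `cert[0]` without checking the lookup result, yet `Duktape_GetBufferPropertyEx` returns NULL whenever the hidden property is absent, so invoking the method on a receiver that is not a certificate object reads through a NULL pointer in native code. Guard it with `if (cert == NULL) { return(ILibDuktape_Error(ctx, "tls.certificate.getKeyHash(): not a certificate object")); }` before `util_keyhash`, and apply the same `cert != NULL` test in the finalizer before `util_freecert(cert)`. In `ILibDuktape_TLS_loadCertificate`, `(int)pfxLen` narrows a `duk_size_t`, so a range check against `INT_MAX` before `util_from_p12` would be prudent. Every parse failure there is reported as "Invalid passphrase", which will mislead when the PFX itself is malformed. Whether `util_freecert` tolerates being called twice on the same struct is not visible here; Duktape can run a finalizer more than once, so that is worth confirming.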
@@ -1561,6 +1602,7 @@ void ILibDuktape_tls_PUSH(duk_context *ctx, void *chain)
 ILibDuktape_CreateInstanceMethod(ctx, "connect", ILibDuktape_TLS_connect, DUK_VARARGS);
 ILibDuktape_CreateInstanceMethod(ctx, "createSecureContext", ILibDuktape_TLS_createSecureContext, 1);
 ILibDuktape_CreateInstanceMethod(ctx, "generateCertificate", ILibDuktape_TLS_generateCertificate, 1);
+ ILibDuktape_CreateInstanceMethod(ctx, "loadCertificate", ILibDuktape_TLS_loadCertificate, 1);
 ILibDuktape_CreateInstanceMethod(ctx, "generateRandomInteger", ILibDuktape_TLS_generateRandomInteger, 2);
 ILibDuktape_CreateInstanceMethod(ctx, "loadpkcs7b", ILibDuktape_TLS_loadpkcs7b, 1);
 }