diff --git a/test/parallel/test-tls-clientcertengine-invalid-arg-type.js b/test/parallel/test-tls-clientcertengine-invalid-arg-type.js
new file mode 100644
index 00000000000000..35915bbde3e98f
--- /dev/null
+++ b/test/parallel/test-tls-clientcertengine-invalid-arg-type.js
@@ -0,0 +1,15 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+
+{
+  assert.throws(
+    () => { tls.createSecureContext({ clientCertEngine: 0 }); },
+    common.expectsError({ code: 'ERR_INVALID_ARG_TYPE',
+                          message: / Received type number$/ }));
+}
diff --git a/test/parallel/test-tls-clientcertengine-unsupported.js b/test/parallel/test-tls-clientcertengine-unsupported.js
new file mode 100644
index 00000000000000..aaa31b96303240
--- /dev/null
+++ b/test/parallel/test-tls-clientcertengine-unsupported.js
@@ -0,0 +1,28 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+// Monkey-patch SecureContext
+const binding = process.binding('crypto');
+const NativeSecureContext = binding.SecureContext;
+
+binding.SecureContext = function() {
+  const rv = new NativeSecureContext();
+  rv.setClientCertEngine = undefined;
+  return rv;
+};
+
+const assert = require('assert');
+const tls = require('tls');
+
+{
+  assert.throws(
+    () => { tls.createSecureContext({ clientCertEngine: 'Cannonmouth' }); },
+    common.expectsError({
+      code: 'ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED',
+      message: 'Custom engines not supported by this OpenSSL'
+    })
+  );
+}
diff --git a/test/parallel/test-tls-server-setoptions-clientcertengine.js b/test/parallel/test-tls-server-setoptions-clientcertengine.js
new file mode 100644
index 00000000000000..beafdd7c2be47b
--- /dev/null
+++ b/test/parallel/test-tls-server-setoptions-clientcertengine.js
@@ -0,0 +1,15 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+
+{
+  const server = tls.createServer();
+  assert.strictEqual(server.clientCertEngine, undefined);
+  server.setOptions({ clientCertEngine: 'Cannonmouth' });
+  assert.strictEqual(server.clientCertEngine, 'Cannonmouth');
+}