diff --git a/doc/newsfragments/client-send-certificate.feature b/doc/newsfragments/client-send-certificate.feature
new file mode 100644
index 00000000..b5584290
--- /dev/null
+++ b/doc/newsfragments/client-send-certificate.feature
@@ -0,0 +1 @@
+Barrier client now sends certificate that the server can verify.
diff --git a/src/lib/net/SecureSocket.cpp b/src/lib/net/SecureSocket.cpp
index 093dcb98..1004bb39 100644
--- a/src/lib/net/SecureSocket.cpp
+++ b/src/lib/net/SecureSocket.cpp
@@ -462,9 +462,13 @@ SecureSocket::secureAccept(int socket)
 int
 SecureSocket::secureConnect(int socket)
 {
- createSSL();
+ if (!load_certificates(barrier::DataDirectories::ssl_certificate_path())) {
+ LOG((CLOG_ERR "could not load client certificates"));
+ // FIXME: this is fatal error, but we current don't disconnect because whole logic in this
+ // function needs to be cleaned up
+ }
 
- load_certificates(barrier::DataDirectories::ssl_certificate_path());
+ createSSL();
 
 // attach the socket descriptor
 SSL_set_fd(m_ssl->m_ssl, socket);
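Review bot: When `load_certificates()` fails in `secureConnect`, the new branch only logs and then falls through to `createSSL()` and `SSL_set_fd()`, so the client still attempts the handshake without the certificate this commit is meant to send. Whether that ends in a rejected handshake or an unauthenticated session depends on how the server verifies peers, which is not visible here, so failing closed on the client is the safer default. I would bail out right after the `LOG` line with the function's fatal-error return, presumably something like `return -1;`, though the rest of the body and its return convention are outside the hunk. If the early return cannot land yet, the FIXME should at least point to a tracking issue. A short comment such as `// load certificates before createSSL() so the new SSL object picks them up` would also record why the call order changed, assuming that is the reason.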