diff --git a/changes-entries/ssl-authtype.txt b/changes-entries/ssl-authtype.txt
new file mode 100644
index 00000000000..c7c8da0aed7
--- /dev/null
+++ b/changes-entries/ssl-authtype.txt
@@ -0,0 +1,2 @@
+*) mod_ssl: Set auth type to "ClientCert" when client certificate authentication
+   has been performed.  [Michael Osipov <michaelo apache.org>]
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index cb88f0112c6..9ee25ec52ca 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1130,8 +1130,10 @@ int ssl_hook_Access(request_rec *r)
     if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
         const char *val = ssl_var_lookup(r->pool, r->server, r->connection,
                                          r, dc->szUserName);
-        if (val && val[0])
+        if (val && val[0]) {
             r->user = apr_pstrdup(r->pool, val);
+            r->ap_auth_type = "ClientCert";
+        }
         else
             ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02227)
                           "Failed to set r->user to '%s'", dc->szUserName);