diff --git a/src/Microsoft.AspNet.Server.WebListener/FeatureContext.cs b/src/Microsoft.AspNet.Server.WebListener/FeatureContext.cs
index d3209b479b..ed07ba6b5c 100644
--- a/src/Microsoft.AspNet.Server.WebListener/FeatureContext.cs
+++ b/src/Microsoft.AspNet.Server.WebListener/FeatureContext.cs
@@ -37,7 +37,7 @@ namespace Microsoft.AspNet.Server.WebListener
 IHttpConnectionFeature,
 IHttpResponseFeature,
 IHttpSendFileFeature,
- IHttpClientCertificateFeature,
+ ITlsConnectionFeature,
 IHttpRequestLifetimeFeature,
 IHttpWebSocketFeature,
 IHttpAuthenticationFeature,
@@ -60,7 +60,7 @@ namespace Microsoft.AspNet.Server.WebListener
 private int? _remotePort;
 private int? _localPort;
 private bool? _isLocal;
- private X509Certificate _clientCert;
+ private X509Certificate2 _clientCert;
 private ClaimsPrincipal _user;
 private IAuthenticationHandler _authHandler;
 private Stream _responseStream;
@@ -93,15 +93,16 @@ namespace Microsoft.AspNet.Server.WebListener
 {
 _features.Add(typeof(IHttpRequestFeature), this);
 _features.Add(typeof(IHttpConnectionFeature), this);
- if (Request.IsSecureConnection)
- {
- // TODO: Should this feature be conditional? Should we add this for HTTP requests?
- _features.Add(typeof(IHttpClientCertificateFeature), this);
- }
 _features.Add(typeof(IHttpResponseFeature), this);
 _features.Add(typeof(IHttpSendFileFeature), this);
 _features.Add(typeof(IHttpRequestLifetimeFeature), this);
 _features.Add(typeof(IHttpAuthenticationFeature), this);
+ _features.Add(typeof(IRequestIdentifierFeature), this);
+
+ if (Request.IsSecureConnection)
+ {
+ _features.Add(typeof(ITlsConnectionFeature), this);
+ }
 // Win8+
 if (WebSocketHelpers.AreWebSocketsSupported)
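Review bot: In the `@@ -93,15 +93,16 @@` hunk, `ITlsConnectionFeature` is still registered only when `Request.IsSecureConnection` is true, but the removed TODO that questioned this is not replaced by any statement of the contract. Code that asks the feature collection for this type on a plain-HTTP request will presumably get null, so certificate-based authorization has to treat a missing feature as "no client certificate" and reject the request rather than dereference the result. I would add a comment above the `if`, for example `// Registered for HTTPS requests only; a missing ITlsConnectionFeature means no TLS and no client certificate.` The enclosing method starts and ends outside the hunk.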
@@ -109,16 +110,6 @@ namespace Microsoft.AspNet.Server.WebListener
 _features.Add(typeof(IHttpUpgradeFeature), this);
 _features.Add(typeof(IHttpWebSocketFeature), this);
 }
-
- _features.Add(typeof(IRequestIdentifierFeature), this);
-
- // TODO:
- /*
- Server
- _environment.Listener = _server;
- Channel binding
- _environment.ConnectionId = _request.ConnectionId;
- */
 }
 Stream IHttpRequestFeature.Body
@@ -302,7 +293,7 @@ namespace Microsoft.AspNet.Server.WebListener
 set { _remotePort = value; }
 }
- X509Certificate IHttpClientCertificateFeature.ClientCertificate
+ X509Certificate2 ITlsConnectionFeature.ClientCertificate
 {
 get
 {
@@ -315,7 +306,7 @@ namespace Microsoft.AspNet.Server.WebListener
 set { _clientCert = value; }
 }
- async Task IHttpClientCertificateFeature.GetClientCertificateAsync(CancellationToken cancellationToken)
+ async Task ITlsConnectionFeature.GetClientCertificateAsync(CancellationToken cancellationToken)
 {
 if (_clientCert == null)
 {
diff --git a/src/Microsoft.Net.Http.Server/RequestProcessing/Request.cs b/src/Microsoft.Net.Http.Server/RequestProcessing/Request.cs
index 1bd7e3c59f..9519037ca8 100644
--- a/src/Microsoft.Net.Http.Server/RequestProcessing/Request.cs
+++ b/src/Microsoft.Net.Http.Server/RequestProcessing/Request.cs
@@ -59,7 +59,7 @@ namespace Microsoft.Net.Http.Server
 private string _pathBase;
 private string _path;
- private X509Certificate _clientCert;
+ private X509Certificate2 _clientCert;
 private HeaderCollection _headers;
 private BoundaryType _contentBoundaryType;
@@ -430,7 +430,7 @@ namespace Microsoft.Net.Http.Server
 // Populates the client certificate. The result may be null if there is no client cert.
 // TODO: Does it make sense for this to be invoked multiple times (e.g. renegotiate)? Client and server code appear to
 // enable this, but it's unclear what Http.Sys would do.
- public async Task GetClientCertificateAsync(CancellationToken cancellationToken = default(CancellationToken))
+ public async Task GetClientCertificateAsync(CancellationToken cancellationToken = default(CancellationToken))
 {
 if (SslStatus == SslStatus.Insecure)
 {
diff --git a/test/Microsoft.AspNet.Server.WebListener.FunctionalTests/HttpsTests.cs b/test/Microsoft.AspNet.Server.WebListener.FunctionalTests/HttpsTests.cs
index b7c89ef1ad..ec93a92eeb 100644
--- a/test/Microsoft.AspNet.Server.WebListener.FunctionalTests/HttpsTests.cs
+++ b/test/Microsoft.AspNet.Server.WebListener.FunctionalTests/HttpsTests.cs
@@ -85,7 +85,7 @@ namespace Microsoft.AspNet.Server.WebListener
 using (Utilities.CreateHttpsServer(async env =>
 {
 var httpContext = new DefaultHttpContext((IFeatureCollection)env);
- var tls = httpContext.GetFeature();
+ var tls = httpContext.GetFeature();
 Assert.NotNull(tls);
 var cert = await tls.GetClientCertificateAsync(CancellationToken.None);
 Assert.Null(cert);
@@ -103,7 +103,7 @@ namespace Microsoft.AspNet.Server.WebListener
 using (Utilities.CreateHttpsServer(async env =>
 {
 var httpContext = new DefaultHttpContext((IFeatureCollection)env);
- var tls = httpContext.GetFeature();
+ var tls = httpContext.GetFeature();
 Assert.NotNull(tls);
 var cert = await tls.GetClientCertificateAsync(CancellationToken.None);
 Assert.NotNull(cert);
diff --git a/test/Microsoft.Net.Http.Server.FunctionalTests/HttpsTests.cs b/test/Microsoft.Net.Http.Server.FunctionalTests/HttpsTests.cs
index 4822827bd6..5483589211 100644
--- a/test/Microsoft.Net.Http.Server.FunctionalTests/HttpsTests.cs
+++ b/test/Microsoft.Net.Http.Server.FunctionalTests/HttpsTests.cs
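Review bot: `GetClientCertificateAsync` in Request.cs (`@@ -430,7 +430,7 @@`) is public, yet its contract lives in plain `//` comments that the changed signature leaves untouched, and they do not say whether the returned certificate has been validated. Nothing visible on this page shows chain or revocation checks, so a caller could easily read a non-null result as proof of an authenticated client. I would turn the comment into an XML doc that states who is responsible for validation, with a returns line such as `/// <returns>The client certificate, or null if the client did not supply one.</returns>`, and keep the renegotiation TODO beside it. The method body continues outside the hunk.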
@@ -90,16 +90,16 @@ namespace Microsoft.Net.Http.Server
 {
 using (var server = Utilities.CreateHttpsServer())
 {
- Task responseTask = SendRequestAsync(Address);
+ X509Certificate2 clientCert = FindClientCert();
+ Assert.NotNull(clientCert);
+ Task responseTask = SendRequestAsync(Address, clientCert);
 var context = await server.GetContextAsync();
 var cert = await context.Request.GetClientCertificateAsync();
 Assert.NotNull(cert);
 context.Dispose();
- X509Certificate2 clientCert = FindClientCert();
- Assert.NotNull(clientCert);
- string response = await SendRequestAsync(Address, clientCert);
+ string response = await responseTask;
 Assert.Equal(string.Empty, response);
 }
 }
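Review bot: `Assert.NotNull(cert)` only proves that some certificate reached the server; now that `clientCert` is obtained before the request is sent, the test can check that the server saw that same certificate. Assuming `cert` is an `X509Certificate2` after this change, adding `Assert.Equal(clientCert.Thumbprint, cert.Thumbprint);` after the null check would catch a regression where a wrong or stale certificate is returned. The WebListener functional test in the `@@ -103,7 +103,7 @@` hunk has the same null-only assertion. The test method starts outside the hunk.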