diff --git a/tests/test_websockifyserver.py b/tests/test_websockifyserver.py
index 7ce82da..b9312dc 100644
--- a/tests/test_websockifyserver.py
+++ b/tests/test_websockifyserver.py
@@ -271,7 +271,7 @@ class WebSockifyServerTestCase(unittest.TestCase):
             def __init__(self, purpose):
                 self.verify_mode = None
                 self.options = 0
-            def load_cert_chain(self, certfile, keyfile):
+            def load_cert_chain(self, certfile, keyfile, password):
                 pass
             def set_default_verify_paths(self):
                 pass
@@ -310,7 +310,7 @@ class WebSockifyServerTestCase(unittest.TestCase):
             def __init__(self, purpose):
                 self.verify_mode = None
                 self.options = 0
-            def load_cert_chain(self, certfile, keyfile):
+            def load_cert_chain(self, certfile, keyfile, password):
                 pass
             def set_default_verify_paths(self):
                 pass
@@ -351,7 +351,7 @@ class WebSockifyServerTestCase(unittest.TestCase):
             def __init__(self, purpose):
                 self.verify_mode = None
                 self._options = 0
-            def load_cert_chain(self, certfile, keyfile):
+            def load_cert_chain(self, certfile, keyfile, password):
                 pass
             def set_default_verify_paths(self):
                 pass
diff --git a/websockify/websocketproxy.py b/websockify/websocketproxy.py
index 16b00d8..d69dad6 100644
--- a/websockify/websocketproxy.py
+++ b/websockify/websocketproxy.py
@@ -478,6 +478,8 @@ def websockify_init():
             help="SSL certificate file")
     parser.add_option("--key", default=None,
             help="SSL key file (if separate from cert)")
+    parser.add_option("--password", default=None,
+            help="SSL key password")
     parser.add_option("--ssl-only", action="store_true",
             help="disallow non-encrypted client connections")
     parser.add_option("--ssl-target", action="store_true",
diff --git a/websockify/websockifyserver.py b/websockify/websockifyserver.py
index fe01f97..c379d64 100644
--- a/websockify/websockifyserver.py
+++ b/websockify/websockifyserver.py
@@ -340,7 +340,7 @@ class WebSockifyServer(object):
 
     def __init__(self, RequestHandlerClass, listen_fd=None,
             listen_host='', listen_port=None, source_is_ipv6=False,
-            verbose=False, cert='', key='', ssl_only=None,
+            verbose=False, cert='', key='', password=None, ssl_only=None,
             verify_client=False, cafile=None,
             daemon=False, record='', web='', web_auth=False,
             file_only=False,
@@ -380,6 +380,7 @@ class WebSockifyServer(object):
 
         # keyfile path must be None if not specified
         self.key = None
+        self.password = password
 
         # Make paths settings absolute
         self.cert = os.path.abspath(cert)
@@ -577,7 +578,7 @@ class WebSockifyServer(object):
                     if self.ssl_ciphers is not None:
                         context.set_ciphers(self.ssl_ciphers)
                     context.options = self.ssl_options
-                    context.load_cert_chain(certfile=self.cert, keyfile=self.key)
+                    context.load_cert_chain(certfile=self.cert, keyfile=self.key, password=self.password)
                     if self.verify_client:
                         context.verify_mode = ssl.CERT_REQUIRED
                         if self.cafile: