diff --git a/lib/transport/tls-session.c b/lib/transport/tls-session.c
index ba0500910c..04386166f5 100644
--- a/lib/transport/tls-session.c
+++ b/lib/transport/tls-session.c
@@ -132,6 +132,7 @@ tls_session_verify_fingerprint(X509_STORE_CTX *ctx)
 if (strcmp((const gchar *)(current_fingerprint->data), hash->str) == 0)
 {
 match = TRUE;
+ g_strlcpy(self->peer_info.fingerprint, hash->str, sizeof(self->peer_info.fingerprint));
 break;
 }
 }
diff --git a/lib/transport/tls-session.h b/lib/transport/tls-session.h
index 312557fd8f..3eceec9e2e 100644
--- a/lib/transport/tls-session.h
+++ b/lib/transport/tls-session.h
@@ -28,6 +28,7 @@
 #define X509_MAX_CN_LEN 64
 #define X509_MAX_O_LEN 64
 #define X509_MAX_OU_LEN 32
+#define X509_MAX_FP_LEN 256
 typedef struct _TLSContext TLSContext;
 typedef struct _TLSSession
@@ -41,6 +42,7 @@ typedef struct _TLSSession
 gchar o[X509_MAX_O_LEN];
 gchar ou[X509_MAX_OU_LEN];
 gchar cn[X509_MAX_CN_LEN];
+ gchar fingerprint[X509_MAX_FP_LEN];
 } peer_info;
 } TLSSession;
diff --git a/lib/transport/transport-tls.c b/lib/transport/transport-tls.c
index b34d6ea225..2091d0ad33 100644
--- a/lib/transport/transport-tls.c
+++ b/lib/transport/transport-tls.c
@@ -112,6 +112,8 @@ log_transport_tls_read_method(LogTransport *s, gpointer buf, gsize buflen, LogTr
 log_transport_aux_data_add_nv_pair(aux, ".tls.x509_o", self->tls_session->peer_info.o);
 log_transport_aux_data_add_nv_pair(aux, ".tls.x509_ou", self->tls_session->peer_info.ou);
 }
+ if (self->tls_session->peer_info.fingerprint[0])
+ log_transport_aux_data_add_nv_pair(aux, ".tls.x509_fp", self->tls_session->peer_info.fingerprint);
 /* NOTE: we only support TLS on top of TCP for now. We could reuse the
 * proto auto detection code from transport-socket to make this more
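Review bot: The `g_strlcpy()` added to the match branch of tls_session_verify_fingerprint() in lib/transport/tls-session.c discards its return value, so a fingerprint string longer than the buffer would be stored truncated and later logged as if it were complete. A truncated value can pass for a valid identifier in downstream audit or correlation, so I would drop it instead: `if (g_strlcpy(self->peer_info.fingerprint, hash->str, sizeof(self->peer_info.fingerprint)) >= sizeof(self->peer_info.fingerprint)) self->peer_info.fingerprint[0] = '\0';`. The copy also records whichever certificate the callback is examining at that moment; if the callback runs for every chain element (not visible here), the stored value may belong to an issuer rather than the peer's own certificate, which deserves a comment. The function starts and ends outside the hunk, so `self` and `hash` are defined in lines not shown.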
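Review bot: The new `fingerprint` member of `peer_info` in lib/transport/tls-session.h (second hunk) is undocumented, and its reader in transport-tls.c treats a leading NUL as "not set". That only holds if the structure is zeroed when it is allocated and is not carried over to another handshake, and neither is visible in this diff. I would add `/* fingerprint that matched the trusted list, NUL-terminated; empty when no match was recorded */` on the member. `X509_MAX_FP_LEN` in the first hunk of the same file should get a comment saying which digest string format the 256 bytes are sized for.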
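Review bot: In log_transport_tls_read_method() in lib/transport/transport-tls.c, `.tls.x509_fp` is filled only after the fingerprint comparison in tls-session.c has matched, so its absence on a message does not mean the peer presented no certificate. Anyone writing filters or detections on this field needs to know that, so the new `if` should carry a comment such as `/* set only after a trusted fingerprint match; empty otherwise */`. The `if` is also unbraced while the block closed just above it uses braces; bracing it would keep a later second statement from landing outside the condition. The function body continues outside the hunk.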