diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 887db012e78402..d2ee04e0e669c5 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -869,9 +869,25 @@ Server.prototype.setOptions = function(options) {
   }
 
   if (options.pfx) this.pfx = options.pfx;
-  if (options.key) this.key = options.key;
+  var defaultCiphers = options.ciphers === tls.DEFAULT_CIPHERS;
+  if (!options.key) {
+    if ((options.ciphers === undefined || defaultCiphers) && !options.pfx) {
+      throw new Error('key is a required parameter for Server.createServer');
+    }
+  } else {
+    this.key = options.key;
+  }
+
   if (options.passphrase) this.passphrase = options.passphrase;
-  if (options.cert) this.cert = options.cert;
+
+  if (!options.cert) {
+    if ((options.ciphers === undefined || defaultCiphers) && !options.pfx) {
+      throw new Error('cert is a required parameter for Server.createServer');
+    }
+  } else {
+    this.cert = options.cert;
+  }
+
   if (options.ca) this.ca = options.ca;
   if (options.secureProtocol) this.secureProtocol = options.secureProtocol;
   if (options.crl) this.crl = options.crl;
diff --git a/test/parallel/test-https-pfx.js b/test/parallel/test-https-pfx.js
index 5e080b4e3ded12..122c29a957f830 100644
--- a/test/parallel/test-https-pfx.js
+++ b/test/parallel/test-https-pfx.js
@@ -21,6 +21,15 @@ var options = {
   rejectUnauthorized: false
 };
 
+var options1 = {
+  host: '127.0.0.1',
+  port: common.PORT,
+  path: '/',
+  pfx: pfx,
+  passphrase: 'sample',
+  requestCert: true
+};
+
 var server = https.createServer(options, function(req, res) {
   assert.equal(req.socket.authorized, false); // not a client cert
   assert.equal(req.socket.authorizationError, 'DEPTH_ZERO_SELF_SIGNED_CERT');
@@ -28,6 +37,12 @@ var server = https.createServer(options, function(req, res) {
   res.end('OK');
 });
 
+assert.doesNotThrow(() => https.createServer(options1, assert.fail),
+ 'cert is a required parameter for Server.createServer');
+
+assert.doesNotThrow(() => https.createServer(options1, assert.fail),
+  'key is a required parameter for Server.createServer');
+
 server.listen(options.port, options.host, function() {
   var data = '';
 
diff --git a/test/parallel/test-https-server-options.js b/test/parallel/test-https-server-options.js
new file mode 100644
index 00000000000000..2c3854b6d8c147
--- /dev/null
+++ b/test/parallel/test-https-server-options.js
@@ -0,0 +1,21 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+const https = require('https');
+const fs = require('fs');
+
+const options1 = {
+  key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem', 'ascii'),
+  crt: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem', 'ascii')
+};
+
+const options2 = {
+  ky: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem', 'ascii'),
+  cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem', 'ascii')
+};
+
+assert.throws(() => https.createServer(options1, assert.fail),
+'cert is a required parameter for Server.createServer');
+
+assert.throws(() => https.createServer(options2, assert.fail),
+'key is a required parameter for Server.createServer');