diff --git a/provisioner/chef-client/provisioner.go b/provisioner/chef-client/provisioner.go
index b3d91b3e4..a4eac96fc 100644
--- a/provisioner/chef-client/provisioner.go
+++ b/provisioner/chef-client/provisioner.go
@@ -35,6 +35,7 @@ type Config struct {
 	SkipCleanNode        bool     `mapstructure:"skip_clean_node"`
 	SkipInstall          bool     `mapstructure:"skip_install"`
 	StagingDir           string   `mapstructure:"staging_directory"`
+	ClientKey            string   `mapstructure:"client_key"`
 	ValidationKeyPath    string   `mapstructure:"validation_key_path"`
 	ValidationClientName string   `mapstructure:"validation_client_name"`
 
@@ -48,6 +49,7 @@ type Provisioner struct {
 type ConfigTemplate struct {
 	NodeName             string
 	ServerUrl            string
+	ClientKey            string
 	ValidationKeyPath    string
 	ValidationClientName string
 	ChefEnvironment      string
@@ -88,6 +90,7 @@ func (p *Provisioner) Prepare(raws ...interface{}) error {
 		"chef_server_url":        &p.config.ServerUrl,
 		"execute_command":        &p.config.ExecuteCommand,
 		"install_command":        &p.config.InstallCommand,
+		"client_key":             &p.config.ClientKey,
 		"validation_key_path":    &p.config.ValidationKeyPath,
 		"validation_client_name": &p.config.ValidationClientName,
 	}
@@ -209,6 +212,10 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
 		return fmt.Errorf("Error creating staging directory: %s", err)
 	}
 
+	if p.config.ClientKey == "" {
+		p.config.ClientKey = fmt.Sprintf("%s/client.pem", p.config.StagingDir)
+	}
+
 	if p.config.ValidationKeyPath != "" {
 		remoteValidationKeyPath = fmt.Sprintf("%s/validation.pem", p.config.StagingDir)
 		if err := p.copyValidationKey(ui, comm, remoteValidationKeyPath); err != nil {
@@ -217,7 +224,7 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
 	}
 
 	configPath, err := p.createConfig(
-		ui, comm, nodeName, serverUrl, remoteValidationKeyPath, p.config.ValidationClientName, p.config.ChefEnvironment, p.config.SslVerifyMode)
+		ui, comm, nodeName, serverUrl, p.config.ClientKey, remoteValidationKeyPath, p.config.ValidationClientName, p.config.ChefEnvironment, p.config.SslVerifyMode)
 	if err != nil {
 		return fmt.Errorf("Error creating Chef config file: %s", err)
 	}
@@ -271,7 +278,7 @@ func (p *Provisioner) uploadDirectory(ui packer.Ui, comm packer.Communicator, ds
 	return comm.UploadDir(dst, src, nil)
 }
 
-func (p *Provisioner) createConfig(ui packer.Ui, comm packer.Communicator, nodeName string, serverUrl string, remoteKeyPath string, validationClientName string, chefEnvironment string, sslVerifyMode string) (string, error) {
+func (p *Provisioner) createConfig(ui packer.Ui, comm packer.Communicator, nodeName string, serverUrl string, clientKey string, remoteKeyPath string, validationClientName string, chefEnvironment string, sslVerifyMode string) (string, error) {
 	ui.Message("Creating configuration file 'client.rb'")
 
 	// Read the template
@@ -294,6 +301,7 @@ func (p *Provisioner) createConfig(ui packer.Ui, comm packer.Communicator, nodeN
 	configString, err := p.config.tpl.Process(tpl, &ConfigTemplate{
 		NodeName:             nodeName,
 		ServerUrl:            serverUrl,
+		ClientKey:            clientKey,
 		ValidationKeyPath:    remoteKeyPath,
 		ValidationClientName: validationClientName,
 		ChefEnvironment:      chefEnvironment,
@@ -566,6 +574,7 @@ var DefaultConfigTemplate = `
 log_level        :info
 log_location     STDOUT
 chef_server_url  "{{.ServerUrl}}"
+client_key       "{{.ClientKey}}"
 {{if ne .ValidationClientName ""}}
 validation_client_name "{{.ValidationClientName}}"
 {{else}}