diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2045a7..13ffb3d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@
   route pattern.
 - Jetforce will no longer raise an exception when attempting to log dropped
   connections or other malformed requests.
+- Added the following CGI variables for client certificates:
+  - TLS_CLIENT_NOT_BEFORE
+  - TLS_CLIENT_NOT_AFTER
+  - TLS_CLIENT_SERIAL_NUMBER
 
 ### v0.2.0 (2012-01-21)
 
diff --git a/README.md b/README.md
index c60d933..bece300 100644
--- a/README.md
+++ b/README.md
@@ -155,7 +155,7 @@ The CGI script must then write the gemini response to the *stdout* stream.
 This includes the status code and meta string on the first line, and the
 optional response body on subsequent lines. The bytes generated by the 
 CGI script will be forwarded *verbatim* to the gemini client, without any
-additional modificiation by the server.
+additional modification by the server.
 
 ## Deployment
 
diff --git a/jetforce.py b/jetforce.py
index 4ffa5ad..5c1536e 100755
--- a/jetforce.py
+++ b/jetforce.py
@@ -527,7 +527,13 @@ class GeminiRequestHandler:
         if self.client_cert:
             subject = dict(x[0] for x in self.client_cert["subject"])
             environ.update(
-                {"AUTH_TYPE": "CERTIFICATE", "REMOTE_USER": subject["commonName"]}
+                {
+                    "AUTH_TYPE": "CERTIFICATE",
+                    "REMOTE_USER": subject["commonName"],
+                    "TLS_CLIENT_NOT_BEFORE": self.client_cert["notBefore"],
+                    "TLS_CLIENT_NOT_AFTER": self.client_cert["notAfter"],
+                    "TLS_CLIENT_SERIAL_NUMBER": self.client_cert["serialNumber"],
+                }
             )
 
         return environ