diff --git a/tests/e2e/v3_curl_test.go b/tests/e2e/v3_curl_test.go
index cdc99b7a1..ea17ddc84 100644
--- a/tests/e2e/v3_curl_test.go
+++ b/tests/e2e/v3_curl_test.go
@@ -73,6 +73,11 @@ func TestV3CurlAuth(t *testing.T) {
 		testCtl(t, testV3CurlAuth, withApiPrefix(p))
 	}
 }
+func TestV3CurlAuthClientTLSCertAuth(t *testing.T) {
+	for _, p := range apiPrefix {
+		testCtl(t, testV3CurlAuth, withApiPrefix(p), withCfg(configClientTLSCertAuth))
+	}
+}
 
 func testV3CurlPutGet(cx ctlCtx) {
 	var (
@@ -179,12 +184,21 @@ func testV3CurlTxn(cx ctlCtx) {
 }
 
 func testV3CurlAuth(cx ctlCtx) {
+	p := cx.apiPrefix
+
 	// create root user
-	userreq, err := json.Marshal(&pb.AuthUserAddRequest{Name: string("root"), Password: string("toor")})
+	rootuser, err := json.Marshal(&pb.AuthUserAddRequest{Name: string("root"), Password: string("toor")})
 	testutil.AssertNil(cx.t, err)
 
-	p := cx.apiPrefix
-	if err = cURLPost(cx.epc, cURLReq{endpoint: path.Join(p, "/auth/user/add"), value: string(userreq), expected: "revision"}); err != nil {
+	if err = cURLPost(cx.epc, cURLReq{endpoint: path.Join(p, "/auth/user/add"), value: string(rootuser), expected: "revision"}); err != nil {
+		cx.t.Fatalf("failed testV3CurlAuth add user with curl (%v)", err)
+	}
+
+	// create non root user
+	nonrootuser, err := json.Marshal(&pb.AuthUserAddRequest{Name: string("example.com"), Password: string("example")})
+	testutil.AssertNil(cx.t, err)
+
+	if err = cURLPost(cx.epc, cURLReq{endpoint: path.Join(p, "/auth/user/add"), value: string(nonrootuser), expected: "revision"}); err != nil {
 		cx.t.Fatalf("failed testV3CurlAuth add user with curl (%v)", err)
 	}
 
@@ -197,10 +211,18 @@ func testV3CurlAuth(cx ctlCtx) {
 	}
 
 	// grant root role
-	grantrolereq, err := json.Marshal(&pb.AuthUserGrantRoleRequest{User: string("root"), Role: string("root")})
+	grantroleroot, err := json.Marshal(&pb.AuthUserGrantRoleRequest{User: string("root"), Role: string("root")})
 	testutil.AssertNil(cx.t, err)
 
-	if err = cURLPost(cx.epc, cURLReq{endpoint: path.Join(p, "/auth/user/grant"), value: string(grantrolereq), expected: "revision"}); err != nil {
+	if err = cURLPost(cx.epc, cURLReq{endpoint: path.Join(p, "/auth/user/grant"), value: string(grantroleroot), expected: "revision"}); err != nil {
+		cx.t.Fatalf("failed testV3CurlAuth grant role with curl using prefix (%s) (%v)", p, err)
+	}
+
+	// grant non root user root role
+	grantrole, err := json.Marshal(&pb.AuthUserGrantRoleRequest{User: string("example.com"), Role: string("root")})
+	testutil.AssertNil(cx.t, err)
+
+	if err = cURLPost(cx.epc, cURLReq{endpoint: path.Join(p, "/auth/user/grant"), value: string(grantrole), expected: "revision"}); err != nil {
 		cx.t.Fatalf("failed testV3CurlAuth grant role with curl using prefix (%s) (%v)", p, err)
 	}
 
@@ -243,7 +265,7 @@ func testV3CurlAuth(cx ctlCtx) {
 		cx.t.Fatalf("failed invalid token in authenticate response with curl")
 	}
 
-	authHeader = "Authorization : " + token
+	authHeader = "Authorization: " + token
 
 	// put with auth
 	if err = cURLPost(cx.epc, cURLReq{endpoint: path.Join(p, "/kv/put"), value: string(putreq), header: authHeader, expected: "revision"}); err != nil {