diff --git a/test/e2e/internal/utils/exec.go b/test/e2e/internal/utils/exec.go
index 8e26d75dc..255306f7d 100644
--- a/test/e2e/internal/utils/exec.go
+++ b/test/e2e/internal/utils/exec.go
@@ -34,9 +34,9 @@ const (
 	orasBinary = "oras"
 
 	// customize your own basic auth file via `htpasswd -cBb <file_name> <user_name> <password>`
-	Username         = "hello"
-	Password         = "oras-test"
-	DefaultTimeout   = 10 * time.Second
+	Username       = "hello"
+	Password       = "oras-test"
+	DefaultTimeout = 10 * time.Second
 	// If the command hasn't exited yet, ginkgo session ExitCode is -1
 	notResponding = -1
 )
diff --git a/test/e2e/suite/auth/auth.go b/test/e2e/suite/auth/auth.go
index 38c5df2b5..8de8aef5d 100644
--- a/test/e2e/suite/auth/auth.go
+++ b/test/e2e/suite/auth/auth.go
@@ -166,6 +166,11 @@ var _ = Describe("Common registry user", func() {
 			ORAS("login", ZOTHost, "--identity-token", Password).
 				MatchErrKeyWords("WARNING", "Using --identity-token via the CLI is insecure", "Use --identity-token-stdin").ExpectFailure().Exec()
 		})
+
+		It("should fail if --cert-file is not used with --key-file with correct error message", func() {
+			ORAS("login", ZOTHost, "--cert-file", "test").
+				MatchErrKeyWords("--key-file", "required", "not provided").ExpectFailure().Exec()
+		})
 	})
 
 	When("using legacy config", func() {