diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index 685a5643555..ea904f6be96 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -2065,6 +2065,58 @@ static void testCreateSelfSignCert(void)
         CRYPT_DELETEKEYSET);
 }
 
+static void testIntendedKeyUsage(void)
+{
+    BOOL ret;
+    CERT_INFO info = { 0 };
+    static char oid_key_usage[] = szOID_KEY_USAGE;
+    /* A couple "key usages".  Really they're just encoded bits which aren't
+     * necessarily restricted to the defined key usage values.
+     */
+    static BYTE usage1[] = { 0x03,0x03,0x00,0xff,0xff };
+    static BYTE usage2[] = { 0x03,0x03,0x01,0xff,0xfe };
+    static const BYTE expected_usage1[] = { 0xff,0xff,0x00,0x00 };
+    static const BYTE expected_usage2[] = { 0xff,0xfe,0x00,0x00 };
+    CERT_EXTENSION ext = { oid_key_usage, TRUE, { sizeof(usage1), usage1 } };
+    BYTE usage_bytes[4];
+
+    if (0)
+    {
+        /* Crash */
+        ret = CertGetIntendedKeyUsage(0, NULL, NULL, 0);
+    }
+    ret = CertGetIntendedKeyUsage(0, &info, NULL, 0);
+    ok(!ret, "expected failure\n");
+    ret = CertGetIntendedKeyUsage(0, &info, usage_bytes, sizeof(usage_bytes));
+    ok(!ret, "expected failure\n");
+    ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, NULL, 0);
+    ok(!ret, "expected failure\n");
+    ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, usage_bytes,
+     sizeof(usage_bytes));
+    info.cExtension = 1;
+    info.rgExtension = &ext;
+    ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, NULL, 0);
+    ok(!ret, "expected failure\n");
+    /* The unused bytes are filled with 0. */
+    ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, usage_bytes,
+     sizeof(usage_bytes));
+    todo_wine {
+    ok(ret, "CertGetIntendedKeyUsage failed: %08x\n", GetLastError());
+    ok(!memcmp(usage_bytes, expected_usage1, sizeof(expected_usage1)),
+     "unexpected value\n");
+    }
+    /* The usage bytes are copied in big-endian order. */
+    ext.Value.cbData = sizeof(usage2);
+    ext.Value.pbData = usage2;
+    ret = CertGetIntendedKeyUsage(X509_ASN_ENCODING, &info, usage_bytes,
+     sizeof(usage_bytes));
+    todo_wine {
+    ok(ret, "CertGetIntendedKeyUsage failed: %08x\n", GetLastError());
+    ok(!memcmp(usage_bytes, expected_usage2, sizeof(expected_usage2)),
+     "unexpected value\n");
+    }
+}
+
 static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
  szOID_PKIX_KP_CLIENT_AUTH, szOID_RSA_RSA };
 
@@ -3222,6 +3274,7 @@ START_TEST(cert)
     testCertSigs();
     testSignAndEncodeCert();
     testCreateSelfSignCert();
+    testIntendedKeyUsage();
     testKeyUsage();
     testGetValidUsages();
     testCompareCertName();