diff --git a/src/RestSharp/RestClient.cs b/src/RestSharp/RestClient.cs
index c48c45544..fe50cd607 100644
--- a/src/RestSharp/RestClient.cs
+++ b/src/RestSharp/RestClient.cs
@@ -234,8 +234,8 @@ internal static void ConfigureHttpMessageHandler(HttpClientHandler handler, Rest
         if (!OperatingSystem.IsBrowser()) {
 #endif
         handler.UseCookies             = false;
-        handler.Credentials            = options.Credentials;
-        handler.UseDefaultCredentials  = options.UseDefaultCredentials;
+        handler.UseDefaultCredentials = options.UseDefaultCredentials;
+        if (options.Credentials != null) handler.Credentials = options.Credentials;
         handler.AutomaticDecompression = options.AutomaticDecompression;
         handler.PreAuthenticate        = options.PreAuthenticate;
         if (options.MaxRedirects.HasValue) handler.MaxAutomaticRedirections = options.MaxRedirects.Value;
diff --git a/test/RestSharp.Tests/CredentialConfigurationTests.cs b/test/RestSharp.Tests/CredentialConfigurationTests.cs
new file mode 100644
index 000000000..1528e4489
--- /dev/null
+++ b/test/RestSharp.Tests/CredentialConfigurationTests.cs
@@ -0,0 +1,44 @@
+using System.Net;
+
+namespace RestSharp.Tests;
+
+public class CredentialConfigurationTests {
+    [Fact]
+    public void Explicit_credentials_are_not_overwritten_by_UseDefaultCredentials() {
+        var credentials = new NetworkCredential("user", "password");
+        var options = new RestClientOptions("https://dummy.org") {
+            Credentials           = credentials,
+            UseDefaultCredentials = false
+        };
+
+        var handler = new HttpClientHandler();
+        RestClient.ConfigureHttpMessageHandler(handler, options);
+
+        handler.Credentials.Should().BeSameAs(credentials);
+    }
+
+    [Fact]
+    public void DefaultCredentials_set_explicitly_are_not_overwritten() {
+        var options = new RestClientOptions("https://dummy.org") {
+            Credentials           = CredentialCache.DefaultCredentials,
+            UseDefaultCredentials = false
+        };
+
+        var handler = new HttpClientHandler();
+        RestClient.ConfigureHttpMessageHandler(handler, options);
+
+        handler.Credentials.Should().BeSameAs(CredentialCache.DefaultCredentials);
+    }
+
+    [Fact]
+    public void UseDefaultCredentials_sets_credentials_when_no_explicit_credentials() {
+        var options = new RestClientOptions("https://dummy.org") {
+            UseDefaultCredentials = true
+        };
+
+        var handler = new HttpClientHandler();
+        RestClient.ConfigureHttpMessageHandler(handler, options);
+
+        handler.UseDefaultCredentials.Should().BeTrue();
+    }
+}