diff --git a/README.md b/README.md index 418b0e45..e98730a8 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,38 @@ Likewise the broker is managed by default, but ```manage_broker``` is there. The There are various types that can be used to manage providers, assuming the correct plugin is installed. +For security certificates can be used. For example on the webservice: + +```puppet +class { '::pulp': + https_cert => '/path/to/public_key.pem', + https_key => '/path/to/private_key.pem', + https_chain => '/path/to/ca_chain.pem', + # Optionally you can change the accepted protocols + ssl_protocol => ['all', '-SSLv3', '-TLSv1', '-TLSv1.1'], +} +``` + +The connection to the MongoDB server can also be encrypted: + +```puppet +class { '::pulp': + db_ssl => true, + db_ssl_keyfile => '/path/to/private_key.pem', + db_ssl_certfile => '/path/to/public_key.pem', + db_ca_path => '/path/to/ca.pem', +} +``` + +Similarly the connection to the message broker can be encrypted: + +```puppet +class { '::pulp': + broker_url => 'qpid://user:password@broker.example.com:5671', + broker_use_ssl => true, +} +``` + #### RPM provider ```puppet @@ -109,7 +141,7 @@ include ::pulp::admin Optionally several plugins can be installed. -``` +```puppet class { '::pulp::admin': enable_docker => true, enable_ostree => true,
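Review bot: in the first hunk, the broker example puts a literal `user:password` inside `broker_url`, which invites readers to commit broker credentials to their manifests. Say in the README that this value should be supplied from Hiera or another secret store rather than written inline. In the same hunk, `https_cert` and `db_ssl_certfile` point at `/path/to/public_key.pem`, but going by their names these parameters take a certificate, so a placeholder such as `/path/to/cert.pem` would be less misleading. The opening sentence "For security certificates can be used" should state what is being secured, for example that the web service can be served over HTTPS with your own certificate. The MongoDB example should also state whether the server certificate is verified against `db_ca_path`.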