diff --git a/docs/plugins/cert.md b/docs/plugins/cert.md
index 58583cd..4c07336 100644
--- a/docs/plugins/cert.md
+++ b/docs/plugins/cert.md
@@ -1,5 +1,12 @@
+# Authentication Using Signed Certificates
-# Authentication Using Signed Certificates
+Using client-specific certificates, signed by a common authority (even if self-signed) provides
+a highly secure way of authenticating mqtt clients. Often used with IoT devices where a unique
+certificate can be initialized on initial provisioning.
+
+With so many options, X509 certificates can be daunting to create with `openssl`. Included are
+command line utilities to generate a root self-signed certificate and then the proper broker and
+device certificates with the correct X509 attributes to enable authenticity.
### Quick start
diff --git a/docs/plugins/contrib.md b/docs/plugins/contrib.md
index 3d2b508..7a536c1 100644
--- a/docs/plugins/contrib.md
+++ b/docs/plugins/contrib.md
@@ -17,3 +17,12 @@ These are fully supported plugins but require additional dependencies to be inst
- [HTTP Auth](http.md)
Determine client authentication and authorization based on response from a separate HTTP server.
`amqtt.contrib.http.HttpAuthTopicPlugin`
+
+- [Certificate Auth](cert.md)
+ Using client-specific certificates, signed by a common authority (even if self-signed) provides
+ a highly secure way of authenticating mqtt clients. Often used with IoT devices where a unique
+ certificate can be initialized on initial provisioning. Includes command line utilities to generate
+ root, broker and device certificates with the correct X509 attributes to enable authenticity.
+
+ `amqtt.contrib.cert.CertificateAuthPlugin.Config`
+
diff --git a/mkdocs.rtd.yml b/mkdocs.rtd.yml
index f7fb658..c1d215a 100644
--- a/mkdocs.rtd.yml
+++ b/mkdocs.rtd.yml
@@ -44,6 +44,7 @@ nav:
- plugins/contrib.md
- Database Auth: plugins/auth_db.md
- HTTP Auth: plugins/http.md
+ - Certificate Auth: plugins/cert.md
- Configuration:
- Broker: references/broker_config.md
- Client: references/client_config.md