diff --git a/docs/csaf_aggregator.md b/docs/csaf_aggregator.md
index 2a9e482..43cdc46 100644
--- a/docs/csaf_aggregator.md
+++ b/docs/csaf_aggregator.md
@@ -95,6 +95,9 @@ interim_years           // limiting the years for which interim documents are se
 verbose                 // print more diagnostic output, e.g. https requests (default false)
 allow_single_provider   // debugging option (default false)
 ignorepattern           // patterns of advisory URLs to be ignored
+client_cert             // path to client certificate to access access-protected advisories
+client_key              // path to client key to access access-protected advisories
+client_passphrase       // client passphrase to access access-protected advisories
 ```
 
 Next we have two TOML _tables_:
@@ -125,6 +128,9 @@ update_interval
 create_service_document
 categories
 ignorepattern
+client_cert
+client_key
+client_passphrase
 ```
 
 Where valid `name` and `domain` settings are required.
@@ -196,6 +202,9 @@ insecure = true
 #  rate = 1.2
 #  insecure = true
   write_indices = true
+  client_cert = "./../devca1/testclient1.crt"
+  client_key = "./../devca1/testclient1-key.pem"
+#  client_passphrase =
 
 [[providers]]
   name = "local-dev-provider3"
diff --git a/docs/examples/aggregator.toml b/docs/examples/aggregator.toml
index 80f9b8a..25d236e 100644
--- a/docs/examples/aggregator.toml
+++ b/docs/examples/aggregator.toml
@@ -38,6 +38,9 @@ insecure = true
 #  rate = 1.2
 #  insecure = true
   write_indices = true
+  client_cert = "./../devca1/testclient1.crt"
+  client_key = "./../devca1/testclient1-key.pem"
+#  client_passphrase =
 
 [[providers]]
   name = "local-dev-provider3"