diff --git a/src/site/xdoc/sslsetup.xml b/src/site/xdoc/sslsetup.xml
index 2dee893b..4053daca 100644
--- a/src/site/xdoc/sslsetup.xml
+++ b/src/site/xdoc/sslsetup.xml
@@ -11,30 +11,45 @@
     <body>
 
         <section name="SSL setup">
-            <p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
-                DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail over
-                the internet, you should make sure encryption is enabled.
-            </p>
+            <subsection name="Server keystore (Client to DavMail)">
+                <p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
+                    DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail
+                    over the internet, you should make sure encryption is enabled.
+                </p>
 
-            <p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
-                self signed certificate:
-            </p>
-            <source>
-<![CDATA[keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net]]>
-            </source>
+                <p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
+                    self signed certificate:
+                </p>
+                <source>
+                    keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype
+                    pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net
+                </source>
 
-            <p>Then add this keystore to DavMail settings:
-            </p>
-            <source><![CDATA[
+                <p>Then add this keystore to DavMail settings:
+                </p>
+                <source><![CDATA[
 davmail.ssl.keystoreType=PKCS12
 davmail.ssl.keyPass=password
 davmail.ssl.keystoreFile=davmail.p12
 davmail.ssl.keystorePass=password]]>
-            </source>
-            <p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL in
-                client applications and manually accept the certificate as it's not signed by a trusted
-                Certification Authority.
-            </p>
+                </source>
+                <p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL
+                    in
+                    client applications and manually accept the certificate as it's not signed by a trusted
+                    Certification Authority.
+                </p>
+            </subsection>
+            <subsection name="DavMail to Exchange">
+                <p>In most cases, using https in OWA url is enough to secure communication between DavMail and Exchange.
+                    However, with Exchange servers setup to require mutual authentication, you will have to register
+                    client certificate in DavMail settings, either through PKCS11 (smartcard) or file certificate:
+                </p>
+                <source><![CDATA[
+davmail.ssl.clientKeystoreType=PKCS12
+davmail.ssl.clientKeystoreFile=client.p12
+davmail.ssl.clientKeystorePass=password]]>
+                </source>
+            </subsection>
         </section>
     </body>
 </document>
\ No newline at end of file