diff --git a/docs/usage.rst b/docs/usage.rst index 32da358eb2dd5a3450606d8b5e38c34b10e3f6ee..0de5e5e7795f57e633faa711978272c7f25f559d 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -776,6 +776,18 @@ role. mail_user_uid: 5000 mail_user_gid: 5000 + # Set private keys and certificates to use for the IMAP service. + imap_tls_certificate: "{{ lookup('file', 'tls/comms.example.com_imap.pem') }}" + imap_tls_key: "{{ lookup('file', 'tls/comms.example.com_imap.key') }}" + + # Set private keys and certificates to use for the SMTP service. + smtp_tls_certificate: "{{ lookup('file', 'tls/comms.example.com_smtp.pem') }}" + smtp_tls_key: "{{ lookup('file', 'tls/comms.example.com_smtp.key') }}" + + # Set the X.509 certificate truststore to use for validating the + # LDAP server certificate. + mail_ldap_tls_truststore: "{{ lookup('file', 'tls/truststore.pem') }}" + 3. There are two distinct mail services that need to access the LDAP directory - *Postfix* (serving as an SMTP server), and *Dovecot* (serving as an IMAP server). These two need their own dedicated LDAP entries on the LDAP server in
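Review bot: The added `imap_tls_key` and `smtp_tls_key` examples read private keys through `lookup('file', 'tls/...key')`, but the step does not say how those key files should be stored on the machine running the playbook. Please add a sentence recommending that the `.key` files be kept out of version control or stored encrypted (for example with Ansible Vault), with restrictive file permissions. The `tls/` paths are relative, so the step should also state which directory they are resolved against. The comment above `mail_ldap_tls_truststore` could note that the value is the PEM content rather than a path, since all five variables pass file contents via `lookup`. Minor: the comments say "private keys and certificates" while the variables list the certificate first, so matching the order would read more cleanly.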