diff --git a/source/tutorial/configure-ssl.txt b/source/tutorial/configure-ssl.txt
index ee676e1660d..9d234fe90bb 100644
--- a/source/tutorial/configure-ssl.txt
+++ b/source/tutorial/configure-ssl.txt
@@ -49,8 +49,9 @@ Certificate Authorities
 
 When establishing a TLS/SSL connection, the
 :binary:`~bin.mongod`/:binary:`~bin.mongos` presents a certificate key
-file (containing a public key certificate and its associated private
-key) to its clients to establish its identity. [#FIPS]_
+file to its clients to establish its identity. [#FIPS]_ The certificate
+key file contains a public key certificate and its associated private
+key, but only the public component is revealed to the client.
 
 MongoDB can use any valid TLS/SSL certificate issued by a certificate
 authority, or a self-signed certificate. If you use a self-signed