Updated Deployment (markdown)

Deployment.md

@@ -28,7 +28,7 @@ You can also specify an alternative socket path by using the `-H` flag and the `
 $ docker run -d -p 9000:9000 -v /var/run/docker.sock:/docker/docker.sock portainer/portainer -H unix://docker/docker.sock
 ```
 
-### Connect to a remote host
+### Connect to a remote Docker engine
 
 In order to connect to a remote host, use the `-H` flag and the `tcp://` protocol:
 
@@ -36,6 +36,28 @@ In order to connect to a remote host, use the `-H` flag and the `tcp://` protoco
 $ docker run -d -p 9000:9000 portainer/portainer -H tcp://<DOCKER_HOST>:<DOCKER_PORT>
 ```
 
+### Connect to a Docker engine with TLS enabled
+
+If your Docker engine is protected using TLS, you'll need to ensure that you have access to CA, the certificate and the public key used to access your Docker engine. 
+
+You can then use the `--tlsverify` flag to enable TLS communication with the Docker API. Portainer will try to use the following paths to the files specified previously:
+
+* CA: `/certs/ca.pem`
+* certificate: `/certs/cert.pem`
+* public key: `/certs/key.pem`
+
+You must ensure these files are present in the container using a bind mount:
+
+```shell
+$ docker run -d -p 9000:9000 portainer/portainer -v /path/to/certs:/certs -H tcp://<DOCKER_HOST>:<DOCKER_PORT> --tlsverify
+```
+
+You can also use the `--tlscacert`, `--tlscert` and `--tlskey` flags if you want to change the default path to the CA, certificate and key file respectively:
+
+```shell
+$ docker run -d -p 9000:9000 portainer/portainer -v /path/to/certs:/certs -H tcp://<DOCKER_HOST>:<DOCKER_PORT> --tlsverify --tlscacert /certs/myCa.pem --tlscert /certs/myCert.pem --tlskey /certs/myKey.pem
+```
+
 ## Without Docker
 
 Deployment strategies: