diff --git a/content/docs/releases/release-notes/release-notes-1.14.md b/content/docs/releases/release-notes/release-notes-1.14.md
index 536e3c46f3e..7df878945f6 100644
--- a/content/docs/releases/release-notes/release-notes-1.14.md
+++ b/content/docs/releases/release-notes/release-notes-1.14.md
@@ -57,7 +57,8 @@ so that clients can verify the identity of the metrics server.
 
 The liveness probe of the cert-manager controller Pod is now enabled by default.
 
-There is a new option `.spec.keystores.pkcs12.algorithms` to specify encryption and MAC algorithms for PKCS.
+There is a new option `.spec.keystores.pkcs12.profile` to specify encryption and HMAC algorithms for PKCS keystores.
+See the [API reference](../../../docs/reference/api-docs.md#cert-manager.io/v1.PKCS12Profile) for configuration options.
 
 ### Community
 
diff --git a/content/docs/usage/certificate.md b/content/docs/usage/certificate.md
index 87e508223c5..df47c202639 100644
--- a/content/docs/usage/certificate.md
+++ b/content/docs/usage/certificate.md
@@ -96,6 +96,15 @@ spec:
     # This is optional since cert-manager will default to this value however
     # if you are using an external issuer, change this to that issuer group.
     group: cert-manager.io
+  
+  # keystores allows adding additional output formats. This is an example for reference only.
+  keystores:
+    pkcs12: 
+      create: true
+      passwordSecretRef: 
+        name: example-com-tls-keystore
+        key: password
+      profile: Modern2023
 ```
 
 The signed certificate will be stored in a `Secret` resource named