diff --git a/modules/programs/ssh.nix b/modules/programs/ssh.nix
index 0f88c538..b0d07f51 100644
--- a/modules/programs/ssh.nix
+++ b/modules/programs/ssh.nix
@@ -125,6 +125,14 @@ let
         description = "The command to use to connect to the server.";
       };
 
+      certificateFile = mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        description = ''
+          Specifies a file from which the user certificate is read.
+        '';
+      };
+
       extraOptions = mkOption {
         type = types.attrsOf types.str;
         default = {};
@@ -144,6 +152,7 @@ let
     ++ optional cf.identitiesOnly            "  IdentitiesOnly yes"
     ++ optional (cf.user != null)            "  User ${cf.user}"
     ++ optional (cf.identityFile != null)    "  IdentityFile ${cf.identityFile}"
+    ++ optional (cf.certificateFile != null) "  CertificateFile ${cf.certificateFile}"
     ++ optional (cf.hostname != null)        "  HostName ${cf.hostname}"
     ++ optional (cf.sendEnv != [])           "  SendEnv ${unwords cf.sendEnv}"
     ++ optional (cf.serverAliveInterval != 0)