diff --git a/src/Microsoft.AspNetCore.Server.Kestrel.Https/ClientCertificateMode.cs b/src/Microsoft.AspNetCore.Server.Kestrel.Https/ClientCertificateMode.cs
index 9697cb6476..caff5e041a 100644
--- a/src/Microsoft.AspNetCore.Server.Kestrel.Https/ClientCertificateMode.cs
+++ b/src/Microsoft.AspNetCore.Server.Kestrel.Https/ClientCertificateMode.cs
@@ -3,10 +3,24 @@
 
 namespace Microsoft.AspNetCore.Server.Kestrel.Https
 {
+    /// <summary>
+    /// Describes the client certificate requirements for a HTTPS connection.
+    /// </summary>
     public enum ClientCertificateMode
     {
+        /// <summary>
+        /// A client certificate is not required and will not be requested from clients.
+        /// </summary>
         NoCertificate,
+
+        /// <summary>
+        /// A client certificate will be requested; however, authentication will not fail if a certificate is not provided by the client.
+        /// </summary>
         AllowCertificate,
+
+        /// <summary>
+        /// A client certificate will be requested, and the client must provide a valid certificate for authentication to succeed.
+        /// </summary>
         RequireCertificate
     }
 }
diff --git a/src/Microsoft.AspNetCore.Server.Kestrel.Https/HttpsConnectionAdapterOptions.cs b/src/Microsoft.AspNetCore.Server.Kestrel.Https/HttpsConnectionAdapterOptions.cs
index 728c842c65..d10fdbf23b 100644
--- a/src/Microsoft.AspNetCore.Server.Kestrel.Https/HttpsConnectionAdapterOptions.cs
+++ b/src/Microsoft.AspNetCore.Server.Kestrel.Https/HttpsConnectionAdapterOptions.cs
@@ -8,18 +8,43 @@ using System.Security.Cryptography.X509Certificates;
 
 namespace Microsoft.AspNetCore.Server.Kestrel.Https
 {
+    /// <summary>
+    /// Settings for how Kestrel should handle HTTPS connections.
+    /// </summary>
     public class HttpsConnectionAdapterOptions
     {
+        /// <summary>
+        /// Initializes a new instance of <see cref="HttpsConnectionAdapterOptions"/>.
+        /// </summary>
         public HttpsConnectionAdapterOptions()
         {
             ClientCertificateMode = ClientCertificateMode.NoCertificate;
             SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11;
         }
 
+        /// <summary>
+        /// Specifies the server certificate used to authenticate HTTPS connections.
+        /// </summary>
         public X509Certificate2 ServerCertificate { get; set; }
+
+        /// <summary>
+        /// Specifies the client certificate requirements for a HTTPS connection. Defaults to <see cref="ClientCertificateMode.NoCertificate"/>.
+        /// </summary>
         public ClientCertificateMode ClientCertificateMode { get; set; }
+
+        /// <summary>
+        /// Specifies a callback for additional client certificate validation that will be invoked during authentication.
+        /// </summary>
         public Func<X509Certificate2, X509Chain, SslPolicyErrors, bool> ClientCertificateValidation { get; set; }
+
+        /// <summary>
+        /// Specifies allowable SSL protocols. Defaults to <see cref="SslProtocols.Tls12" /> and <see cref="SslProtocols.Tls11"/>.
+        /// </summary>
         public SslProtocols SslProtocols { get; set; }
+
+        /// <summary>
+        /// Specifies whether the certificate revocation list is checked during authentication.
+        /// </summary>
         public bool CheckCertificateRevocation { get; set; }
     }
 }