diff --git a/docs/simplesamlphp-install.md b/docs/simplesamlphp-install.md
index 7ebd15cc80895abfd694e4f99ca7b4435cb866f3..7e02d930af2cc151ffb0b0cb264fe7d274dc4cb7 100644
--- a/docs/simplesamlphp-install.md
+++ b/docs/simplesamlphp-install.md
@@ -16,7 +16,7 @@ SimpleSAMLphp news and documentation
 
 This document is part of the SimpleSAMLphp documentation suite.
 
- * [List of all SimpleSAMLphp documentation](http://simplesamlphp.org/docs)
+ * [List of all SimpleSAMLphp documentation](https://simplesamlphp.org/docs)
  * [SimpleSAMLphp homepage](https://simplesamlphp.org)
 
 
@@ -110,7 +110,7 @@ Configuring Apache
 
 Examples below assume that SimpleSAMLphp is installed in the default location, `/var/simplesamlphp`. You may choose another location, but this requires a path update in a few files. See Appendix for details ‹Installing SimpleSAMLphp in alternative locations›.
 
-The only subdirectories of `SimpleSAMLphp` that needs to be accessible from the web is `www`. There are several ways of putting the SimpleSAMLphp depending on the way web sites are structured on your apache web server. Here is what I believe is the best configuration.
+The only subdirectory of `SimpleSAMLphp` that needs to be accessible from the web is `www`. There are several ways of exposing SimpleSAMLphp depending on the way web sites are structured on your Apache web server. The following is just one possible configuration.
 
 Find the Apache configuration file for the virtual hosts where you want to run SimpleSAMLphp. The configuration may look like this:
 
@@ -135,19 +135,24 @@ Find the Apache configuration file for the virtual hosts where you want to run S
             </Directory>
     </VirtualHost>
 
-Note the `Alias` directive, which gives control to SimpleSAMLphp for all urls matching `http(s)://service.example.com/simplesaml/*`. SimpleSAMLphp makes several SAML interfaces available on the web; all of them are included in the `www` subdirectory of your SimpleSAMLphp installation. You can name the alias whatever you want, but the name must be specified in the `config.php` file of simpleSAML as described in [the section called “SimpleSAMLphp configuration: config.php”](#sect.config "SimpleSAMLphp configuration: config.php"). Here is an example of how this configuration may look like in `config.php`:
+Note the `Alias` directive, which gives control to SimpleSAMLphp for all urls matching `http(s)://service.example.com/simplesaml/*`. SimpleSAMLphp makes several SAML interfaces available on the web; all of them are included in the `www` subdirectory of your SimpleSAMLphp installation. You can name the alias whatever you want, but the name must be specified in the `config.php` file of SimpleSAMLphp as described in [the section called “SimpleSAMLphp configuration: config.php”](#sect.config "SimpleSAMLphp configuration: config.php"). Here is an example of how this configuration may look like in `config.php`:
 
     $config = array (
     [...]
             'baseurlpath'                   => 'simplesaml/',
 
 Note also the `SetEnv` directive. It sets the `SIMPLESAMLPHP_CONFIG_DIR` environment variable, in this case, to the
-default location for the configuration directory. You can always omit this environment variable, and SimpleSAMLphp will
+default location for the configuration directory. You can omit this environment variable, and SimpleSAMLphp will
 then look for the `config` directory inside its own directory. If you need to move your configuration to a different
-location, you can use this environment variable to tell SimpleSAMLphp where to look for configuration files. Remember
-this works only for the `config` directory. If you need your metadata to be in a different directory too, use the
+location, you can use this environment variable to tell SimpleSAMLphp where to look for configuration files.
+This works only for the `config` directory. If you need your metadata to be in a different directory too, use the
 `metadatadir` configuration option to specify the location.
 
+This is just the basic configuration to get things working. For a checklist
+further completing your documentation, please see
+[Maintenance and configuration: Apache](simplesamlphp-maintenance#section_4).
+
+
 SimpleSAMLphp configuration: config.php
 ---------------------------------------
 
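Review bot: In the added closing paragraph, "For a checklist further completing your documentation" looks like it should read "configuration", since the link goes to the Apache hardening checklist rather than to anything about documentation. The target `simplesamlphp-maintenance#section_4` appears to be a positional anchor, so it will point at the wrong section as soon as a heading is inserted above "Apache configuration" in that file; a named anchor in the style of the `#sect.config` link used earlier in this hunk would be more robust. The rewritten `Alias` line is also still carrying "urls" and "how this configuration may look like", which could be fixed while that line is being touched.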
@@ -258,6 +263,7 @@ You have now successfully installed SimpleSAMLphp, and the next steps depends on
   * [Use case: Setting up an IdP for Google Apps](simplesamlphp-googleapps)
   * [Identity Provider Advanced Topics](simplesamlphp-idp-more)
  * [Automated Metadata Management](simplesamlphp-automated_metadata)
+ * [Maintenance and configuration](simplesamlphp-maintenance)
 
 
 Support
diff --git a/docs/simplesamlphp-maintenance.md b/docs/simplesamlphp-maintenance.md
index 421377a4419d025e43874b653be5242cbf716e54..ba75024938977cde24caa07f2852f84a1741ca8a 100644
--- a/docs/simplesamlphp-maintenance.md
+++ b/docs/simplesamlphp-maintenance.md
@@ -164,7 +164,16 @@ alternative, you may log to flat files.
 
 ## Apache configuration
 
-
+Basic Apache configruation is described in [SimpleSAMLphp Installation](simplesamlphp-install#section_6).
+However, your IdP or SP is most likely a valuable website that you want to configure securely. Here are some checks.
+
+* Make sure you use HTTPS with a proper certificate. The best way is to not
+  serve anything over plain HTTP, except for a possible redirect to https.
+* Configure your TLS/SSL to be secure. Mozilla has an easy way to generate
+  [Recommended Server Configurations](https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations).
+  Verify your SSL settings, e.g. with the [SSLLabs SSLtest](https://www.ssllabs.com/ssltest/).
+* In your Apache configuration, add headers that further secure your site.
+  A good check with hints on what to add is [Mozilla Observatory](https://observatory.mozilla.org/analyze.html).
 
 ## PHP configuration
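Review bot: "configruation" in the first added line is a typo for "configuration", and "redirect to https" in the first bullet should be "HTTPS" to match the start of that bullet. The `simplesamlphp-install#section_6` link has the same fragility as any numbered anchor and will drift if the install document gains or loses a section. The third bullet tells readers to add headers but names none, so the guidance depends entirely on an external scanner; naming at least `Strict-Transport-Security` here would tie it to the HTTPS-only advice in the first bullet and keep the checklist useful if the Observatory URL changes.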