sigstore · haydentherapper · Mar 4, 2025 · Feb 21, 2025
diff --git a/content/en/cosign/verifying/timestamps.md b/content/en/cosign/verifying/timestamps.md
@@ -39,33 +39,33 @@

 To use a TSA to fetch a signed timestamp during signing, pick a timestamp authority, and run:

 ```
 export TSA_URL=https://freetsa.org/tsr
 cosign sign --timestamp-server-url $TSA_URL <artifact>
 ```

 To verify, retrieve the TSA's certificate chain, which must contain the root CA certificate, any number of intermediate CA certificates, and the issuing leaf TSA certificate. The chain could come from a trusted source such as [TUF metadata](https://theupdateframework.io/), from the TSA documentation, or through an API, `/api/v1/timestamp/certchain`, if the TSA is an instance of [the service we've implemented](https://github.com/sigstore/timestamp-authority). Run the following:

 ```
 cosign verify --timestamp-certificate-chain ts_chain.pem <artifact>
 ```
 
 ### mTLS connection to the TSA server
 
-`cosign sign` and `cosign sign-blob` accept several additional optional parameters to pass the CA certificate of
+`cosign sign`, `sign-blob`, `attest` and `attest-blob` commands accept several additional optional parameters to pass the CA certificate of
 the TSA server in cases where it uses a custom CA, or to establish a mutual TLS connection to the TSA server:
 ```
     --timestamp-client-cacert='':
 	path to the X.509 CA certificate file in PEM format to be used for the connection to the
 	TSA Server

    --timestamp-client-cert='':
 	path to the X.509 certificate file in PEM format to be used for the connection to the TSA
 	Server

    --timestamp-client-key='':
 	path to the X.509 private key file in PEM format to be used, together with the
 	'timestamp-client-cert' value, for the connection to the TSA Server

    --timestamp-server-name='':
 	SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the