diff --git a/docs/public-networks/how-to/use-besu-api/authenticate.md b/docs/public-networks/how-to/use-besu-api/authenticate.md index 820fb6298ac..1ec098520dc 100644 --- a/docs/public-networks/how-to/use-besu-api/authenticate.md +++ b/docs/public-networks/how-to/use-besu-api/authenticate.md @@ -160,10 +160,15 @@ The private and accompanying public key files must be in `.pem` format. The [key algorithm](https://datatracker.ietf.org/doc/html/rfc7518#section-3.1) can be: -- RSA with private key length of at least 2048 bits using algorithm `RS256`, `RS384` or `RS512`. -- ECDSA private key, using `ES256` (`secp256r1` or `secp256k1`), `ES384` or `ES512`. +- RSA with private key length of at least 2048 bits using algorithm `RS256`, `RS384`, or `RS512`. +- ECDSA private key, using `ES256` (`secp256r1` or `secp256k1`), `ES384`, or `ES512`. -Besu default is `RS256`. +The default value for Besu is `RS256`. +When you use a different key algorithm, you must specify the +[`--rcp-http-authentication-jwt-algorithm`](../../reference/cli/options#rpc-http-authentication-jwt-algorithm) +option and/or the +[`--rcp-ws-authentication-jwt-algorithm`](../../reference/cli/options#rpc-ws-authentication-jwt-algorithm) +option depending on your needs. @@ -179,10 +184,10 @@ Besu default is `RS256`. ```bash openssl rsa -pubout -in privateRSAKey.pem -pubout -out publicRSAKey.pem ``` - + - + 1. Generate the private key: diff --git a/docs/public-networks/reference/cli/options.md b/docs/public-networks/reference/cli/options.md index c241ceafc9b..0d16f619475 100644 --- a/docs/public-networks/reference/cli/options.md +++ b/docs/public-networks/reference/cli/options.md 
@@ -3272,7 +3272,50 @@ rpc-http-authentication-enabled=true -Enables or disables [authentication](../../how-to/use-besu-api/authenticate.md) for the HTTP JSON-RPC service. +Enables or disables [authentication](../../how-to/use-besu-api/authenticate.md) for the JSON-RPC HTTP service. + +### `rpc-http-authentication-jwt-algorithm` + + + + + +```bash +---rpc-http-authentication-jwt-algorithm= +``` + + + + + +```bash +--rpc-http-authentication-jwt-algorithm=ES256 +``` + + + + + +```bash +BESU_RPC_HTTP_AUTHENTICATION_JWT_ALGORITHM=ES256 +``` + + + + + +```bash +rpc-http-authentication-jwt-algorithm="ES256" +``` + + + + + +The [JWT key algorithm](../../how-to/use-besu-api/authenticate#1-generate-a-private-and-public-key-pair) +used to generate the keypair for JSON-RPC HTTP authentication. +Possible values are `RS256`, `RS384`, `RS512`, `ES256`, `ES384`, and `ES512`. +The default is `RS256`. ### `rpc-http-authentication-jwt-public-key-file` @@ -4237,7 +4280,7 @@ rpc-ws-authentication-enabled=true -Enables or disables [authentication](../../how-to/use-besu-api/authenticate.md) for the WebSocket JSON-RPC service. +Enables or disables [authentication](../../how-to/use-besu-api/authenticate.md) for the JSON-RPC WebSocket service. :::note 
@@ -4245,6 +4288,49 @@ Enables or disables [authentication](../../how-to/use-besu-api/authenticate.md) ::: +### `rpc-ws-authentication-jwt-algorithm` + + + + + +```bash +---rpc-ws-authentication-jwt-algorithm= +``` + + + + + +```bash +--rpc-ws-authentication-jwt-algorithm=ES256 +``` + + + + + +```bash +BESU_RPC_WS_AUTHENTICATION_JWT_ALGORITHM=ES256 +``` + + + + + +```bash +rpc-ws-authentication-jwt-algorithm="ES256" +``` + + + + + +The [JWT key algorithm](../../how-to/use-besu-api/authenticate#1-generate-a-private-and-public-key-pair) +used to generate the keypair for JSON-RPC WebSocket authentication. +Possible values are `RS256`, `RS384`, `RS512`, `ES256`, `ES384`, and `ES512`. +The default is `RS256`. + ### `rpc-ws-authentication-jwt-public-key-file` diff --git a/versioned_docs/version-23.10.2/public-networks/how-to/use-besu-api/authenticate.md b/versioned_docs/version-23.10.2/public-networks/how-to/use-besu-api/authenticate.md index 820fb6298ac..3ea835e39b3 100644 --- a/versioned_docs/version-23.10.2/public-networks/how-to/use-besu-api/authenticate.md +++ b/versioned_docs/version-23.10.2/public-networks/how-to/use-besu-api/authenticate.md @@ -179,7 +179,7 @@ Besu default is `RS256`. ```bash openssl rsa -pubout -in privateRSAKey.pem -pubout -out publicRSAKey.pem ``` - + diff --git a/versioned_docs/version-23.10.3/public-networks/how-to/use-besu-api/authenticate.md b/versioned_docs/version-23.10.3/public-networks/how-to/use-besu-api/authenticate.md index 820fb6298ac..3ea835e39b3 100644 --- a/versioned_docs/version-23.10.3/public-networks/how-to/use-besu-api/authenticate.md +++ b/versioned_docs/version-23.10.3/public-networks/how-to/use-besu-api/authenticate.md @@ -179,7 +179,7 @@ Besu default is `RS256`. ```bash openssl rsa -pubout -in privateRSAKey.pem -pubout -out publicRSAKey.pem ``` - + 
diff --git a/versioned_docs/version-24.1.0/public-networks/how-to/use-besu-api/authenticate.md b/versioned_docs/version-24.1.0/public-networks/how-to/use-besu-api/authenticate.md index 820fb6298ac..3ea835e39b3 100644 --- a/versioned_docs/version-24.1.0/public-networks/how-to/use-besu-api/authenticate.md +++ b/versioned_docs/version-24.1.0/public-networks/how-to/use-besu-api/authenticate.md @@ -179,7 +179,7 @@ Besu default is `RS256`. ```bash openssl rsa -pubout -in privateRSAKey.pem -pubout -out publicRSAKey.pem ``` - +
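Review bot: in docs/public-networks/how-to/use-besu-api/authenticate.md (hunk `@@ -160,10 +160,15 @@`), both option names in the added paragraph are misspelled as `--rcp-http-authentication-jwt-algorithm` and `--rcp-ws-authentication-jwt-algorithm`. The link anchors on the same lines and the new sections in options.md use `rpc`, so a reader who copies the name from this page gets an option that is not the documented one. Change both to `--rpc-...`. The closing "and/or ... depending on your needs" could also be made concrete: set the HTTP option when the HTTP service uses JWT public key authentication, and the WS option when the WebSocket service does.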
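Review bot: in docs/public-networks/how-to/use-besu-api/authenticate.md (hunk `@@ -179,10 +184,10 @@`), the change is blank-line only, but the context line it sits next to passes `-pubout` twice: `openssl rsa -pubout -in privateRSAKey.pem -pubout -out publicRSAKey.pem`. Since this block is being touched anyway, drop the repeated flag so the documented command carries each option once.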
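Review bot: in docs/public-networks/reference/cli/options.md (hunk `@@ -3272,7 +3272,50 @@`), the description "used to generate the keypair for JSON-RPC HTTP authentication" reads as a key-generation setting, while the option sits beside `rpc-http-authentication-jwt-public-key-file` and is set on the node. Suggest wording it from the operator's side: the value must match the algorithm of the key pair whose public key is supplied in that file. authenticate.md lists `ES256` as covering both `secp256r1` and `secp256k1`, so it would help to state here whether the curve needs any further configuration. The added link to `authenticate#1-generate-a-private-and-public-key-pair` also omits the `.md` extension that the `authenticate.md` link in the same hunk uses.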
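Review bot: in docs/public-networks/reference/cli/options.md (hunk `@@ -4245,6 +4288,49 @@`), the syntax line appears in this diff as `---rpc-ws-authentication-jwt-algorithm=`, with three leading dashes and nothing after `=`, whereas the example line directly below it is `--rpc-ws-authentication-jwt-algorithm=ES256`. If a value placeholder was intended after `=`, it is not visible here. Please check the rendered page and make the syntax line match the two-dash form. The HTTP section added in the earlier hunk of this file has the same line, so the fix applies there too.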
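Review bot: in the three versioned_docs copies of authenticate.md (version-23.10.2, version-23.10.3, version-24.1.0, hunks `@@ -179,7 +179,7 @@`), only a blank line changes, and the hunk header context shows these pages still read "Besu default is `RS256`." without the new paragraph on the algorithm options. If the `jwt-algorithm` options exist in those releases, port the paragraph (with the `rpc` spelling corrected) so users of ES-type keys on those versions see it. If they do not, say so in the PR description and consider dropping these whitespace-only hunks to keep the versioned snapshots untouched.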