diff --git a/manifests/init.pp b/manifests/init.pp
index eee805e..83c38a2 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -839,6 +839,7 @@ class ssh (
 }
 if $sshd_config_hostcertificate_real != undef {
+ validate_array($sshd_config_hostcertificate_real)
 validate_absolute_path($sshd_config_hostcertificate_real)
 }
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index aa2270d..76868b2 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -1068,16 +1068,22 @@ describe 'sshd_config_print_last_log param' do
 end
 describe 'sshd_config_hostcertificate param' do
- ['unset', '/etc/ssh/ssh_host_key-cert.pub'].each do |value|
- context "set to #{value}" do
- let (:params) { { :sshd_config_hostcertificate => value } }
+ context 'unset value' do
+ let(:params) { { :sshd_config_hostcertificate => 'unset' } }
- if value == 'unset'
- it { should contain_file('sshd_config').without_content(/^\s*HostCertificate/) }
- else
- it { should contain_file('sshd_config').with_content(/^HostCertificate #{value}/) }
- end
- end
+ it { should contain_file('sshd_config').without_content(/^\s*HostCertificate/) }
+ end
+
+ context 'with a certificate' do
+ let(:params) { { :sshd_config_hostcertificate => ['/etc/ssh/ssh_host_key-cert.pub'] } }
+
+ it { should contain_file('sshd_config').with_content(/^HostCertificate \/etc\/ssh\/ssh_host_key-cert\.pub/) }
+ end
+
+ context 'with multiple certs' do
+ let(:params) { { :sshd_config_hostcertificate => [ '/etc/ssh/ssh_host_key-cert.pub', '/etc/ssh/ssh_host_key-cert2.pub'] } }
+
+ it { should contain_file('sshd_config').with_content(/^HostCertificate \/etc\/ssh\/ssh_host_key-cert\.pub\nHostCertificate \/etc\/ssh\/ssh_host_key-cert2\.pub/)}
 end
 end
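Review bot: In manifests/init.pp the added `validate_array($sshd_config_hostcertificate_real)` turns a bare String value into a hard failure, so existing callers that pass a single path such as `'/etc/ssh/ssh_host_key-cert.pub'` will stop compiling; the spec change later in this commit (now expecting `"invalid" is not an Array`) confirms that. If the break is intended, state it next to the check, for example `# Must be an Array of absolute paths; a single String is rejected.`, and in the parameter documentation. Otherwise a String could be wrapped into a one-element array where `$sshd_config_hostcertificate_real` is assigned, which is outside this hunk. The class body starts and ends outside the hunk.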
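Review bot: The `with_content` patterns in the 'with a certificate' and 'with multiple certs' contexts of spec/classes/init_spec.rb are anchored only at the start of the line, so they would still pass if the template emitted extra text after `.pub` on the same line. Ending each directive with `\.pub$` pins the whole rendered line. The outer describe block starts outside the hunk.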
@@ -1087,7 +1093,7 @@ describe 'sshd_config_print_last_log param' do
 it 'should fail' do
 expect {
 should contain_class('ssh')
- }.to raise_error(Puppet::Error,/"invalid" is not an absolute path/)
+ }.to raise_error(Puppet::PreformattedError,/"invalid" is not an Array/)
 end
 end
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index 4e06f40..e88b27b 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -264,7 +264,9 @@ Match <%= key %>
 <% end -%>
 <% end -%>
 <% if @sshd_config_hostcertificate_real -%>
-HostCertificate <%= @sshd_config_hostcertificate_real %>
+<% @sshd_config_hostcertificate_real.each do |cert| -%>
+HostCertificate <%= cert %>
+<% end -%>
 <% end -%>
 <% if @sshd_config_trustedusercakeys_real -%>
 TrustedUserCAKeys <%= @sshd_config_trustedusercakeys_real %>
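Review bot: After the expected error in this spec/classes/init_spec.rb example changes, no visible example exercises the absolute-path check any more, because the `"invalid"` input is now rejected by `validate_array` before `validate_absolute_path` runs. Every array element ends up in sshd_config, so a case that passes an array holding a non-absolute element (for example `['invalid']`) and expects `/is not an absolute path/` would keep that validation covered. The context and its `let(:params)` start outside the hunk, so the exact input is inferred from the error message.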
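Review bot: In templates/sshd_config.erb each element of `@sshd_config_hostcertificate_real` is now written verbatim onto its own `HostCertificate` line, so the integrity of the rendered sshd_config depends entirely on the checks in manifests/init.pp rejecting elements that contain a newline or other whitespace. Whether `validate_absolute_path` does that is not visible in this commit and should be confirmed, ideally with a spec that passes such an element and expects a compile failure. A template comment such as `<%# one HostCertificate line per element; elements are validated as absolute paths in init.pp -%>` would record that dependency. The surrounding template starts and ends outside the hunk.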