diff --git a/CHANGELOG b/CHANGELOG index eda541c69..481e9d682 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Add the signature algorithm that was used to sign the target port's + x509 certificate to the output of ssl-cert.nse [Tom Sellers] + o [NSE] Fixed a bug in the sslcert.lua library that was triggered against certain services when version detection was used. [Tom Sellers] diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc index a5504eed4..a126aeb2f 100644 --- a/nse_ssl_cert.cc +++ b/nse_ssl_cert.cc @@ -449,12 +449,16 @@ int l_get_ssl_certificate(lua_State *L) subject = X509_get_subject_name(cert); if (subject != NULL) { x509_name_to_table(L, subject); - lua_setfield(L, -2, "subject"); - } - - issuer = X509_get_issuer_name(cert); - if (issuer != NULL) { - x509_name_to_table(L, issuer); + lua_setfield(L, -2, "subject"); + } + + const char *sig_algo = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm)); + lua_pushstring(L, sig_algo); + lua_setfield(L, -2, "sig_algorithm"); + + issuer = X509_get_issuer_name(cert); + if (issuer != NULL) { + x509_name_to_table(L, issuer); lua_setfield(L, -2, "issuer"); } diff --git a/scripts/ssl-cert.nse b/scripts/ssl-cert.nse index 2e766c9a9..b7a3b9c70 100644 --- a/scripts/ssl-cert.nse +++ b/scripts/ssl-cert.nse 
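Review bot: `cert->sig_alg->algorithm` reads the X509 structure's members directly, which only compiles while that struct is public; OpenSSL 1.1.0 and later make X509 opaque, and `X509_get_signature_nid(cert)` (available since 1.0.2) yields the same NID, so `const char *sig_algo = OBJ_nid2ln(X509_get_signature_nid(cert));` is the portable form (behind a version check if older releases must still build). The result is also pushed unchecked: `OBJ_nid2ln` is documented to return NULL on failure, in which case `lua_pushstring` pushes nil and `sig_algorithm` is left unset for a certificate that the scanned host controls, so an `if (sig_algo != NULL)` guard around the push and `lua_setfield`, or a fallback string, would make that case explicit. Separately, several lines in this hunk and in the ssl-cert.nse hunks appear as removed and re-added with identical text, which suggests a whitespace or line-ending change that should be dropped from the commit. l_get_ssl_certificate starts and ends outside the hunk.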
@@ -26,12 +26,13 @@ With -v it adds the issuer name and fingerprints. | ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\ /stateOrProvinceName=California/countryName=US | Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA\ -/organizationName=VeriSign, Inc./countryName=US -| Public Key type: rsa -| Public Key bits: 2048 -| Not valid before: 2011-03-23 00:00:00 -| Not valid after: 2013-04-01 23:59:59 -| MD5: bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b +/organizationName=VeriSign, Inc./countryName=US +| Public Key type: rsa +| Public Key bits: 2048 +| Signature Algorithm: sha1WithRSAEncryption +| Not valid before: 2011-03-23 00:00:00 +| Not valid after: 2013-04-01 23:59:59 +| MD5: bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b |_SHA-1: d846 5221 467a 0d15 3df0 9f2e af6d 4390 0213 9a68 @@ -47,12 +48,13 @@ certificate. /organizationalUnitName=PayPal Production/businessCategory=Private Organization | Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA\ /organizationName=VeriSign, Inc./countryName=US\ -/organizationalUnitName=Terms of use at https://www.verisign.com/rpa (c)06 -| Public Key type: rsa -| Public Key bits: 2048 -| Not valid before: 2011-03-23 00:00:00 -| Not valid after: 2013-04-01 23:59:59 -| MD5: bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b +/organizationalUnitName=Terms of use at https://www.verisign.com/rpa (c)06 +| Public Key type: rsa +| Public Key bits: 2048 +| Signature Algorithm: sha1WithRSAEncryption +| Not valid before: 2011-03-23 00:00:00 +| Not valid after: 2013-04-01 23:59:59 +| MD5: bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b | SHA-1: d846 5221 467a 0d15 3df0 9f2e af6d 4390 0213 9a68 | -----BEGIN CERTIFICATE----- | MIIGSzCCBTOgAwIBAgIQLjOHT2/i1B7T//819qTJGDANBgkqhkiG9w0BAQUFADCB @@ -92,12 +94,13 @@ certificate. -- US -- -- --- rsa --- 2048 ---
--- --- 2011-03-23T00:00:00+00:00 --- 2013-04-01T23:59:59+00:00 +-- rsa +-- 2048 +--
+-- sha1WithRSAEncryption +-- +-- 2011-03-23T00:00:00+00:00 +-- 2013-04-01T23:59:59+00:00 --
-- bf47cecad861efa77d1488ad4a73cb5b -- d8465221467a0d153df09f2eaf6d439002139a68 @@ -185,12 +188,13 @@ end local function output_tab(cert) local o = stdnse.output_table() - o.subject = name_to_table(cert.subject) - o.issuer = name_to_table(cert.issuer) - o.pubkey = cert.pubkey - o.validity = {} - for k, v in pairs(cert.validity) do - if type(v)=="string" then + o.subject = name_to_table(cert.subject) + o.issuer = name_to_table(cert.issuer) + o.pubkey = cert.pubkey + o.sig_algo = cert.sig_algorithm + o.validity = {} + for k, v in pairs(cert.validity) do + if type(v)=="string" then o.validity[k] = v else o.validity[k] = stdnse.format_timestamp(v) @@ -211,12 +215,13 @@ local function output_str(cert) lines[#lines + 1] = "Issuer: " .. stringify_name(cert.issuer) end - if nmap.verbosity() > 0 then - lines[#lines + 1] = "Public Key type: " .. cert.pubkey.type - lines[#lines + 1] = "Public Key bits: " .. cert.pubkey.bits - end - - lines[#lines + 1] = "Not valid before: " .. + if nmap.verbosity() > 0 then + lines[#lines + 1] = "Public Key type: " .. cert.pubkey.type + lines[#lines + 1] = "Public Key bits: " .. cert.pubkey.bits + lines[#lines + 1] = "Signature Algorithm: " .. cert.sig_algorithm + end + + lines[#lines + 1] = "Not valid before: " .. date_to_string(cert.validity.notBefore) lines[#lines + 1] = "Not valid after: " .. date_to_string(cert.validity.notAfter)
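Review bot: In output_tab the structured-output key is `sig_algo`, while the certificate table field added in nse_ssl_cert.cc is `sig_algorithm`; two spellings for one value make it easy for consumers of the XML output to look up the wrong name. Unless the short key is deliberate, `o.sig_algorithm = cert.sig_algorithm` keeps them aligned. Either way a one-line comment such as `-- long name of the certificate's signature algorithm, e.g. sha1WithRSAEncryption` would document what the field holds. output_tab continues past the end of the hunk.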
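Review bot: The new `"Signature Algorithm: " .. cert.sig_algorithm` line in output_str concatenates without checking for nil, and a nil operand makes `..` raise an error, so the script would report nothing for that port at verbosity above 0. The value is derived from a certificate supplied by the scanned host, and the C side can leave the field unset if the algorithm name lookup returns NULL, so it is safer to treat it as optional: `if cert.sig_algorithm then lines[#lines + 1] = "Signature Algorithm: " .. cert.sig_algorithm end`. output_str begins before the hunk and continues after it.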