Secure communication is very important in computer networks and authentication is one of the most eminent preconditions. However, common authentication schemes are not applicable in ad hoc networks because public key infrastructures with a centralized certification authority are hard to deploy there. We propose and evaluate a security concept based on a distributed certification facility. A network is divided into clusters with one special head node each. These cluster head nodes execute administrative functions and hold shares of a network key used for certification. New nodes start to participate in the network as guests; they can only become full members with a network-signed certificate after their authenticity has been warranted by some other members. The feasibility of this concept was verified by simulation. Three different models for node mobility were used in order to include realistic scenarios as well as make the results comparable to other work. The simulation results include an evaluation of the log-on times, availability, and communication overhead.