[GH#87271] Add information about the openshift-service-ca.crt ConfigMap

modules/customize-certificates-access-default-service-serving-configmap.adoc

@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * security/certificates/service-serving-certificate.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="access-default-service-serving-configmap_{context}"]
+= Access the service CA bundle in the default config map
+
+A pod can access the service CA certificate by mounting the default
+`ConfigMap` object that exists in every project. The service CA
+certificate is in the `service-ca.crt` key of the `openshift-service-ca.crt`
+config map. Access to this CA certificate allows TLS clients to verify
+connections to services using service serving certificates.
+
+.Procedure
+
+. View the config map to ensure that the service CA bundle is available:
++
+[source,terminal]
+----
+$ oc get configmap openshift-service-ca.crt -o yaml
+----
++
+The CA bundle is displayed as the value of the `service-ca.crt` key in the YAML output:
++
+[source,terminal]
+----
+apiVersion: v1
+data:
+  service-ca.crt: |
+    -----BEGIN CERTIFICATE-----
+...
+----

security/certificates/service-serving-certificate.adoc

@@ -14,6 +14,8 @@ include::modules/customize-certificates-add-service-serving.adoc[leveloffset=+1]
 .Additional resources
 * You can use a service certificate to configure a secure route using reencrypt TLS termination. For more information, see xref:../../networking/routes/secured-routes.adoc#nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate_secured-routes[Creating a re-encrypt route with a custom certificate].
 
+include::modules/customize-certificates-access-default-service-serving-configmap.adoc[leveloffset=+1]
+
 include::modules/customize-certificates-add-service-serving-configmap.adoc[leveloffset=+1]
 
 include::modules/customize-certificates-add-service-serving-apiservice.adoc[leveloffset=+1]