diff --git a/docs/service-mesh/ca/README.md b/docs/service-mesh/ca/README.md
index 40861a851f..809dae8253 100644
--- a/docs/service-mesh/ca/README.md
+++ b/docs/service-mesh/ca/README.md
@@ -94,6 +94,9 @@ Periodic (or background) opeartions are started automatically by the Consul lead
     3. called by Auto-Config to sign a leaf cert for a client agent
 
 ### detailed call flow
-- sequence diagram for leader election
+![CA Leader Sequence](./ca-leader-sequence.svg)
+
+<sup>[source](./ca-leader-sequence.mmd)</sup>
+
 - sequence diagram for leaf signing
 - sequence diagram for CA cert rotation
diff --git a/docs/service-mesh/ca/ca-leader-sequence.mmd b/docs/service-mesh/ca/ca-leader-sequence.mmd
new file mode 100644
index 0000000000..f81e66b7ab
--- /dev/null
+++ b/docs/service-mesh/ca/ca-leader-sequence.mmd
@@ -0,0 +1,19 @@
+sequenceDiagram
+Participant Provider
+Participant PL As Primary Leader
+Participant SL As Secondary Leader
+Alt Primary don't have a valid CA
+PL->>Provider:initializeRootCA (fetch root and sign intermediate)
+Provider->>PL:root + intermediate
+PL->>PL:RPC ConnectCA.Roots (fetch primary root and store it)
+end
+SL->>PL: RPC ConnectCA.Roots (fetch primary root and store it)
+PL->>SL: Root + intermediate
+Alt Secondary needs a new intermediate (check if current intermediate is signed by primary root)
+SL->>Provider: Generate CSR
+Provider->>SL: CSR
+SL->>PL: ConnectCA.SignIntermediate (CSR)
+PL->>SL: Intermediate CA (secondary)
+SL->>Provider: Set Intermediate (secondary CA) + root (primary CA)
+SL->>SL: Store certs in RAFT (primary root + secondary intermediate)
+end
\ No newline at end of file
diff --git a/docs/service-mesh/ca/ca-leader-sequence.svg b/docs/service-mesh/ca/ca-leader-sequence.svg
new file mode 100644
index 0000000000..d19b957e44
--- /dev/null
+++ b/docs/service-mesh/ca/ca-leader-sequence.svg
@@ -0,0 +1 @@
+<svg id="graph-div" width="100%" xmlns="http://www.w3.org/2000/svg" height="919" style="max-width: 1298px;" viewBox="-50 -10 1298 919"><style>#graph-div{font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;fill:#333;}#graph-div .error-icon{fill:#552222;}#graph-div .error-text{fill:#552222;stroke:#552222;}#graph-div .edge-thickness-normal{stroke-width:2px;}#graph-div .edge-thickness-thick{stroke-width:3.5px;}#graph-div .edge-pattern-solid{stroke-dasharray:0;}#graph-div .edge-pattern-dashed{stroke-dasharray:3;}#graph-div .edge-pattern-dotted{stroke-dasharray:2;}#graph-div .marker{fill:#333333;stroke:#333333;}#graph-div .marker.cross{stroke:#333333;}#graph-div svg{font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;}#graph-div .actor{stroke:hsl(259.6261682243,59.7765363128%,87.9019607843%);fill:#ECECFF;}#graph-div text.actor &gt; tspan{fill:black;stroke:none;}#graph-div .actor-line{stroke:grey;}#graph-div .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333;}#graph-div .messageLine1{stroke-width:1.5;stroke-dasharray:2,2;stroke:#333;}#graph-div #arrowhead path{fill:#333;stroke:#333;}#graph-div .sequenceNumber{fill:white;}#graph-div #sequencenumber{fill:#333;}#graph-div #crosshead path{fill:#333;stroke:#333;}#graph-div .messageText{fill:#333;stroke:#333;}#graph-div .labelBox{stroke:hsl(259.6261682243,59.7765363128%,87.9019607843%);fill:#ECECFF;}#graph-div .labelText,#graph-div .labelText &gt; tspan{fill:black;stroke:none;}#graph-div .loopText,#graph-div .loopText &gt; tspan{fill:black;stroke:none;}#graph-div .loopLine{stroke-width:2px;stroke-dasharray:2,2;stroke:hsl(259.6261682243,59.7765363128%,87.9019607843%);fill:hsl(259.6261682243,59.7765363128%,87.9019607843%);}#graph-div .note{stroke:#aaaa33;fill:#fff5ad;}#graph-div .noteText,#graph-div .noteText &gt; tspan{fill:black;stroke:none;}#graph-div .activation0{fill:#f4f4f4;stroke:#666;}#graph-div .activation1{fill:#f4f4f4;stroke:#666;}#graph-div .activation2{fill:#f4f4f4;stroke:#666;}#graph-div .actor,#graph-div .er.entityBox{fill:rgb(220,71,125);stroke-width:1;stroke:black;}#graph-div .note{fill:#f0f0f0;stroke-width:1px;stroke:#333;}#graph-div .edgeLabel{background-color:#f0f0f0;}#graph-div .er.entityBox + .er.entityLabel{fill:white;}#graph-div .er.attributeBoxEven,#graph-div .er.attributeBoxOdd{fill:#fff;stroke:#777;}#graph-div:root{--mermaid-font-family:"trebuchet ms",verdana,arial,sans-serif;}</style><g></g><g><line id="actor654" x1="75" y1="5" x2="75" y2="908" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="0" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="75" y="32.5" dominant-baseline="central" alignment-baseline="central" class="actor" style="text-anchor: middle; font-size: 14px; font-weight: 400; font-family: Open-Sans, sans-serif;"><tspan x="75" dy="0">Provider</tspan></text></g><g><line id="actor655" x1="510" y1="5" x2="510" y2="908" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="435" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="510" y="32.5" dominant-baseline="central" alignment-baseline="central" class="actor" style="text-anchor: middle; font-size: 14px; font-weight: 400; font-family: Open-Sans, sans-serif;"><tspan x="510" dy="0">Primary Leader</tspan></text></g><g><line id="actor656" x1="972" y1="5" x2="972" y2="908" class="actor-line" stroke-width="0.5px" stroke="#999"></line><rect x="897" y="0" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="972" y="32.5" dominant-baseline="central" alignment-baseline="central" class="actor" style="text-anchor: middle; font-size: 14px; font-weight: 400; font-family: Open-Sans, sans-serif;"><tspan x="972" dy="0">Secondary Leader</tspan></text></g><defs><marker id="arrowhead" refX="9" refY="5" markerUnits="userSpaceOnUse" markerWidth="12" markerHeight="12" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z"></path></marker></defs><defs><marker id="crosshead" markerWidth="15" markerHeight="8" orient="auto" refX="16" refY="4"><path fill="black" stroke="#000000" stroke-width="1px" d="M 9,2 V 6 L16,4 Z" style="stroke-dasharray: 0, 0;"></path><path fill="none" stroke="#000000" stroke-width="1px" d="M 0,1 L 6,7 M 6,1 L 0,7" style="stroke-dasharray: 0, 0;"></path></marker></defs><defs><marker id="filled-head" refX="18" refY="7" markerWidth="20" markerHeight="28" orient="auto"><path d="M 18,7 L9,13 L14,7 L9,1 Z"></path></marker></defs><defs><marker id="sequencenumber" refX="15" refY="15" markerWidth="60" markerHeight="40" orient="auto"><circle cx="15" cy="15" r="6"></circle></marker></defs><text x="293" y="125" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">initializeRootCA (fetch root and sign intermediate)</text><line x1="510" y1="158" x2="75" y2="158" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></line><text x="293" y="173" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">root + intermediate</text><line x1="75" y1="206" x2="510" y2="206" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></line><text x="510" y="221" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">RPC ConnectCA.Roots (fetch primary root and store it)</text><path d="M 510,254 C 570,244 570,284 510,274" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></path><g><line x1="65" y1="75" x2="716" y2="75" class="loopLine"></line><line x1="716" y1="75" x2="716" y2="324" class="loopLine"></line><line x1="65" y1="324" x2="716" y2="324" class="loopLine"></line><line x1="65" y1="75" x2="65" y2="324" class="loopLine"></line><polygon points="65,75 115,75 115,88 106.6,95 65,95" class="labelBox"></polygon><text x="90" y="88" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="labelText" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">alt</text><text x="415.5" y="93" text-anchor="middle" class="loopText" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;"><tspan x="415.5">[Primary don't have a valid CA]</tspan></text></g><text x="741" y="339" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">RPC ConnectCA.Roots (fetch primary root and store it)</text><line x1="972" y1="372" x2="510" y2="372" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></line><text x="741" y="387" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">Root + intermediate</text><line x1="510" y1="420" x2="972" y2="420" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></line><text x="524" y="480" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">Generate CSR</text><line x1="972" y1="513" x2="75" y2="513" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></line><text x="524" y="528" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">CSR</text><line x1="75" y1="561" x2="972" y2="561" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></line><text x="741" y="576" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">ConnectCA.SignIntermediate (CSR)</text><line x1="972" y1="609" x2="510" y2="609" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></line><text x="741" y="624" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">Intermediate CA (secondary)</text><line x1="510" y1="657" x2="972" y2="657" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></line><text x="524" y="672" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">Set Intermediate (secondary CA) + root (primary CA)</text><line x1="972" y1="705" x2="75" y2="705" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></line><text x="972" y="720" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="messageText" dy="1em" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">Store certs in RAFT (primary root + secondary intermediate)</text><path d="M 972,753 C 1032,743 1032,783 972,773" class="messageLine0" stroke-width="2" stroke="none" marker-end="url(#arrowhead)" style="fill: none;"></path><g><line x1="65" y1="430" x2="1198" y2="430" class="loopLine"></line><line x1="1198" y1="430" x2="1198" y2="823" class="loopLine"></line><line x1="65" y1="823" x2="1198" y2="823" class="loopLine"></line><line x1="65" y1="430" x2="65" y2="823" class="loopLine"></line><polygon points="65,430 115,430 115,443 106.6,450 65,450" class="labelBox"></polygon><text x="90" y="443" text-anchor="middle" dominant-baseline="middle" alignment-baseline="middle" class="labelText" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;">alt</text><text x="656.5" y="448" text-anchor="middle" class="loopText" style="font-family: &quot;trebuchet ms&quot;, verdana, arial, sans-serif; font-size: 16px; font-weight: 400;"><tspan x="656.5">[Secondary needs a new intermediate (check if current intermediate is signed by primary root)]</tspan></text></g><g><rect x="0" y="843" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="75" y="875.5" dominant-baseline="central" alignment-baseline="central" class="actor" style="text-anchor: middle; font-size: 14px; font-weight: 400; font-family: Open-Sans, sans-serif;"><tspan x="75" dy="0">Provider</tspan></text></g><g><rect x="435" y="843" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="510" y="875.5" dominant-baseline="central" alignment-baseline="central" class="actor" style="text-anchor: middle; font-size: 14px; font-weight: 400; font-family: Open-Sans, sans-serif;"><tspan x="510" dy="0">Primary Leader</tspan></text></g><g><rect x="897" y="843" fill="#eaeaea" stroke="#666" width="150" height="65" rx="3" ry="3" class="actor"></rect><text x="972" y="875.5" dominant-baseline="central" alignment-baseline="central" class="actor" style="text-anchor: middle; font-size: 14px; font-weight: 400; font-family: Open-Sans, sans-serif;"><tspan x="972" dy="0">Secondary Leader</tspan></text></g></svg>
\ No newline at end of file