diff --git a/website/source/docs/connect/ca.html.md b/website/source/docs/connect/ca.html.md
index 3cc1e9bb99..b255b8ac13 100644
--- a/website/source/docs/connect/ca.html.md
+++ b/website/source/docs/connect/ca.html.md
@@ -17,7 +17,7 @@ such as when a service needs a new certificate or during CA rotation events.
The CA provider abstraction enables Consul to support multiple systems for
storing and signing certificates. Consul ships with a
[built-in CA](/docs/connect/ca/consul.html) which generates and stores the
-root certificate and private key on the Consul servers. Consul also also
+root certificate and private key on the Consul servers. Consul also has
built-in support for
[Vault as a CA](/docs/connect/ca/vault.html). With Vault, the root certificate
and private key material remain with the Vault cluster. A future version of
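Review bot: On the changed line, "Consul also has" followed by "built-in support for" repeats "built-in" from the previous sentence ("Consul ships with a built-in CA"), so the paragraph now uses the same qualifier for both the native CA and the Vault integration. Consider rewording to something like "Consul also supports Vault as a CA" so the distinction between the built-in CA and the Vault provider stays clear. The typo fix itself is correct.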
diff --git a/website/source/docs/connect/ca/consul.html.md b/website/source/docs/connect/ca/consul.html.md
index 5d7257e1a2..ea48850a94 100644
--- a/website/source/docs/connect/ca/consul.html.md
+++ b/website/source/docs/connect/ca/consul.html.md
@@ -50,7 +50,8 @@ is used if configuring in an agent configuration file.
must be a valid
[SPIFFE SVID signing certificate](https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md)
and the URI in the SAN must match the cluster identifier created at
- bootstrap with the ".consul" TLD.
+ bootstrap with the ".consul" TLD. The cluster identifier can be found
+ using the [CA List Roots endpoint](/api/connect/ca.html#list-ca-root-certificates).
## Specifying a Custom Private Key and Root Certificate
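Review bot: The added sentence points to the CA List Roots endpoint but does not say which field of the response carries the cluster identifier, or whether the returned value already includes the ".consul" TLD. Because the preceding text requires the URI in the SAN to match the identifier "with the .consul TLD", an operator generating a custom root certificate needs to know whether to append the suffix or use the value as returned. Suggest naming the response field and stating its form, for example "The cluster identifier is returned in the `<field>` field of the CA List Roots endpoint response", with the field name filled in from the API docs.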