OSPBUGS-29524# Add CA cert disclaimer

Lisa Pettyjohn · Lisa Pettyjohn · commit 4fd88109913c · 2024-03-14T21:01:10.000-04:00
diff --git a/security/certificate_types_descriptions/service-ca-certificates.adoc b/security/certificate_types_descriptions/service-ca-certificates.adoc
@@ -27,6 +27,11 @@ The service CA expiration of 26 months is longer than the expected upgrade inter
 A manually-rotated service CA does not maintain trust with the previous service CA. You might experience a temporary service disruption until the pods in the cluster are restarted, which ensures that pods are using service serving certificates issued by the new service CA.
 ====
 
+[IMPORTANT]
+====
+Applications using the `service-ca` certificate must be capable of dynamically reloading CA certificates. Otherwise, when automated rotation occurs, the application pods might require a restart in order to rebuild certificate trust.
+====
+
 == Management
 
 These certificates are managed by the system and not the user.
