website: correct a few last things in CA docs

website/source/docs/connect/ca.html.md

@@ -17,7 +17,7 @@ such as when a service needs a new certificate or during CA rotation events.
 The CA provider abstraction enables Consul to support multiple systems for
 storing and signing certificates. Consul ships with a
 [built-in CA](/docs/connect/ca/consul.html) which generates and stores the
-root certificate and private key on the Consul servers. Consul also also
+root certificate and private key on the Consul servers. Consul also has
 built-in support for
 [Vault as a CA](/docs/connect/ca/vault.html). With Vault, the root certificate
 and private key material remain with the Vault cluster. A future version of

website/source/docs/connect/ca/consul.html.md

@@ -50,7 +50,8 @@ is used if configuring in an agent configuration file.
     must be a valid
     [SPIFFE SVID signing certificate](https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md)
     and the URI in the SAN must match the cluster identifier created at
-    bootstrap with the ".consul" TLD.
+    bootstrap with the ".consul" TLD. The cluster identifier can be found
+    using the [CA List Roots endpoint](/api/connect/ca.html#list-ca-root-certificates).
 
 ## Specifying a Custom Private Key and Root Certificate