Added KB article URL

website/content/docs/release-notes/1.11.0.mdx

@@ -114,7 +114,7 @@ You are using the Vault CA provider if either of the following configurations ex
 - The Consul server agent configuration option [connect.ca_provider](/consul/docs/agent/config/config-files#connect_ca_provider) is set to “vault”, or
 - The Consul on Kubernetes Helm Chart [global.secretsBackend.vault.connectCA](/consul/docs/k8s/helm#v-global-secretsbackend-vault-connectca) value is configured.
 
--> **NOTE:** Refer to the [Knowledge Base article]() for more information about the underlying cause and recommended workaround.
+-> **NOTE:** Refer to the [Knowledge Base article](https://support.hashicorp.com/hc/en-us/articles/11308460105491) for more information about the underlying cause and recommended workaround.
 
 ## Feature Deprecations and EOL
 

website/content/docs/secrets/pki/index.mdx

@@ -8,13 +8,14 @@ description: The PKI secrets engine for Vault generates TLS certificates.
 
 @include 'x509-sha1-deprecation.mdx'
 
-!> **Consul users:** Do not use [Vault
+!> **Vault 1.11.0+ incompatible as Consul CA provider:** Do not use [Vault
 v1.11.0+](/vault/docs/release-notes/1.11.0#known-issues) as Consul’s Connect CA
 provider — the intermediate CA will become unable to issue the leaf nodes
 required by service mesh and all actions (if using auto-encrypt or auto-config,
-and using mTLS for server-to-server communication). Refer to the [Knowledge Base
-article]() for more information about the underlying cause and recommended
-workaround.
+and using mTLS for server-to-server communication). If you are already using
+Vault 1.11.0+ as a Connect CA, refer to the [Knowledge Base
+article](https://support.hashicorp.com/hc/en-us/articles/11308460105491) for
+more information about the underlying cause and recommended workaround.
 
 The PKI secrets engine generates dynamic X.509 certificates. With this secrets
 engine, services can get certificates without going through the usual manual