  1. OpenShift Service Mesh
  2. OSSM-2616

[DDF] Verify instructions in section "Verifying your certificates"


    • Bug
    • Resolution: Done
    • Major
    • None
    • OSSM 2.0.0
    • Documentation
    • None

      Reported by: balki404

      https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html-single/service_mesh/index#annotations:2dd620c5-101a-4f7d-a77f-2f6e597d2d72

      The istio-proxy container in the $RATINGSPOD/any of the application pods doesn't have the cert-chain.pem in the path /etc/certs. This instruction seems to be misleading. 

      https://docs.openshift.com/container-platform/4.8/service_mesh/v2x/ossm-security.html#ossm-cert-manage-verify-cert_ossm-security

      There is a screenshot attached to the Bugzilla.

      Comment is in regards to Step 2 in this procedure:

      Heading = Verifying your certificates

      Use the Bookinfo sample application to verify your certificates are mounted correctly. First, retrieve the mounted certificates. Then, verify the certificates mounted on the pod.

      1. Store the pod name in the variable RATINGSPOD.
        $ RATINGSPOD=`oc get pods -l app=ratings -o jsonpath='{.items[0].metadata.name}'`
      2. Run the following commands to retrieve the certificates mounted on the proxy.
        $ oc exec -it $RATINGSPOD -c istio-proxy -- /bin/cat /var/run/secrets/istio/root-cert.pem > /tmp/pod-root-cert.pem
        The file /tmp/pod-root-cert.pem contains the root certificate propagated to the pod.
        $ oc exec -it $RATINGSPOD -c istio-proxy -- /bin/cat /etc/certs/cert-chain.pem > /tmp/pod-cert-chain.pem

              rhn-support-tokeefe Tim O'Keefe
              jstickler Julie Stickler (Inactive)
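
When the path in Step 2 is absent from the proxy container, the shell redirect still creates the `/tmp` file, so the failure is easy to miss. The following is an added example, not code from the ticket or the product documentation, that reports each path from the quoted procedure as saved or missing; the function name `fetch_proxy_certs` and the `.partial` suffix are assumptions.

```bash
# Added example (not from the ticket or the product docs).
# Paths are the two named in the quoted procedure.
CERT_PATHS="/var/run/secrets/istio/root-cert.pem /etc/certs/cert-chain.pem"

# fetch_proxy_certs POD [OUTDIR]   (hypothetical helper name)
# Copies each path out of the istio-proxy container of POD into OUTDIR.
# Prints one "saved" or "missing" line per path; the exit status is the
# number of paths that could not be retrieved as PEM.
fetch_proxy_certs() (
  pod="$1"; outdir="${2:-/tmp}"; missing=0
  for path in $CERT_PATHS; do
    out="$outdir/pod-$(basename "$path")"
    tmp="$out.partial"
    # No -it: a TTY would add carriage returns to the PEM text.
    # oc exec propagates cat's exit status, so a missing file fails here.
    if oc exec "$pod" -c istio-proxy -- /bin/cat "$path" \
         >"$tmp" 2>/dev/null </dev/null \
       && grep -q -- '-----BEGIN CERTIFICATE-----' "$tmp"; then
      mv "$tmp" "$out"
      echo "saved $path -> $out"
    else
      # Do not leave an empty or partial file behind.
      rm -f "$tmp"
      echo "missing $path"
      missing=$((missing + 1))
    fi
  done
  exit "$missing"
)

# Usage: fetch_proxy_certs "$RATINGSPOD" /tmp
```

A non-zero exit status together with a `missing` line identifies which path the container does not provide.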