diff --git a/templates/config-map.yaml b/templates/config-map.yaml index b4c41cc..e2ac822 100644 --- a/templates/config-map.yaml +++ b/templates/config-map.yaml @@ -33,3 +33,14 @@ data: {{- if .Values.env.configFilePath }} {{ .Files.Get .Values.env.configFilePath | indent 2 }} {{- end }} + +{{- if and .Values.openshift.enabled .Values.openshift.serviceServingCertificates }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: terraform-enterprise-ca-certificates + namespace: {{ .Release.Namespace }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +{{- end}} \ No newline at end of file diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 0a6b3e5..1dde46b 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -59,6 +59,11 @@ spec: secret: secretName: terraform-enterprise-ca-certificates {{- end }} + {{- if and .Values.openshift.enabled .Values.openshift.serviceServingCertificates }} + - name: ca-certificates + configMap: + name: terraform-enterprise-ca-certificates + {{- end}} {{- if .Values.csi.enabled }} - name: secrets-store csi: @@ -139,6 +144,10 @@ spec: mountPath: {{ include "cacert.path" . }} subPath: {{ .Values.tls.caCertFileName }} {{- end }} + {{- if and .Values.openshift.enabled .Values.openshift.serviceServingCertificates }} + - name: ca-certificates + mountPath: {{ .Values.tls.caCertBaseDir }}/service-ca.crt + subPath: service-ca.crt {{- if .Values.csi.enabled }} - name: secrets-store mountPath: "{{ .Values.csi.mountPath }}" diff --git a/templates/route.yaml b/templates/route.yaml new file mode 100644 index 0000000..e91b19d --- /dev/null +++ b/templates/route.yaml 
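Review bot: The new `terraform-enterprise-ca-certificates` ConfigMap in templates/config-map.yaml has no `data:` key and nothing explains why. A short comment above `kind: ConfigMap` would help, for example `# No data on purpose: the OpenShift service CA operator injects service-ca.crt via the inject-cabundle annotation.` The operator fills the object after it is created, so a pod that starts first may see the ConfigMap without that key. The ConfigMap also shares its name with the Secret referenced in templates/deployment.yaml (`secretName: terraform-enterprise-ca-certificates`), which is legal but easy to confuse when debugging trust problems.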
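Review bot: The volume added under `volumes:` in templates/deployment.yaml is named `ca-certificates`, and the entry that ends just above it (backed by the Secret `terraform-enterprise-ca-certificates`) has its `name:` line outside the hunk. If that entry uses the same name, a release that satisfies both conditions renders two volumes called `ca-certificates` and the pod spec is rejected. A distinct name avoids the clash, for example `- name: service-ca-certificates` here and in the matching volumeMount. The closing action is written `{{- end}}` while the surrounding lines use `{{- end }}`.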
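Review bot: The `{{- if and .Values.openshift.enabled .Values.openshift.serviceServingCertificates }}` added in the volumeMounts hunk of templates/deployment.yaml is never closed before the following `{{- if .Values.csi.enabled }}`. Unless a surplus `end` exists further down, the template either fails to parse or pulls the CSI mount into the OpenShift branch; add `{{- end }}` after `subPath: service-ca.crt`. Separately, a ConfigMap key mounted through `subPath` is not refreshed when the ConfigMap changes, so a rotated service CA will not reach a running pod until it restarts. Either document that or mount the volume as a directory. The container spec begins and ends outside the hunk.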
@@ -0,0 +1,20 @@ +{{- if and .Values.openshift.enabled .Values.openshift.serviceServingCertificates }} +--- +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: terraform-enterprise + namespace: {{ .Release.Namespace }} +spec: + host: {{ .Values.env.variables.TFE_HOSTNAME }} + to: + kind: Service + name: terraform-enterprise + weight: 100 + port: + targetPort: https-port + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + wildcardPolicy: None +{{- end }} \ No newline at end of file diff --git a/templates/service.yaml b/templates/service.yaml index 93ccbe1..9500cfd 100644 --- a/templates/service.yaml +++ b/templates/service.yaml @@ -8,9 +8,14 @@ kind: Service metadata: name: terraform-enterprise namespace: {{ .Release.Namespace }} - {{- with .Values.service.annotations }} + {{- if or .Values.service.annotations (and .Values.openshift.enabled .Values.openshift.serviceServingCertificates) }} annotations: + {{- with .Values.service.annotations }} {{- toYaml . | nindent 4 }} + {{- end }} + {{- if and .Values.openshift.enabled .Values.openshift.serviceServingCertificates }} + service.beta.openshift.io/serving-cert-secret-name: terraform-enterprise-certificates + {{- end }} {{- end }} {{- with .Values.service.labels }} labels: diff --git a/values.yaml b/values.yaml index 9e24126..9e4fc83 100644 --- a/values.yaml +++ b/values.yaml @@ -225,6 +225,9 @@ agentWorkerPodTemplate: {} openshift: # If true, the Helm chart will create necessary configuration for running its components on OpenShift. enabled: false + # If true, the Helm chart will create necessary configuration for using service serving certificates from the OpenShift service. + # openshift.enabled must be true for this to take effect. + serviceServingCertificates: false env: # configFilePath: env-config.yaml
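Review bot: The Route in templates/route.yaml is gated only on `openshift.serviceServingCertificates`, so enabling service serving certificates also publishes the service through the OpenShift router, which the values.yaml comment for that key does not mention. Consider a separate switch for the Route, or at least state the exposure in that comment. `host: {{ .Values.env.variables.TFE_HOSTNAME }}` is unquoted and unchecked, so an empty value renders `host:` as null and the router presumably assigns a generated hostname; `host: {{ required "env.variables.TFE_HOSTNAME is required for the Route" .Values.env.variables.TFE_HOSTNAME | quote }}` fails the render instead. No `certificate` or `key` is set under `tls:`, so clients will presumably be served the router's default certificate, which has to cover that hostname.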
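Review bot: When `.Values.service.annotations` already contains `service.beta.openshift.io/serving-cert-secret-name`, the new `annotations:` block in templates/service.yaml renders that key twice, and which value wins (or whether the render fails) depends on the YAML parser. Merging the two sources into one map before `toYaml`, or documenting that the key is reserved, would remove the ambiguity. The secret name `terraform-enterprise-certificates` is hard-coded. If the chart also creates a Secret with that name from user-supplied TLS material (not visible in this diff), the operator-generated Secret and the chart-managed one would collide, so the two paths should be mutually exclusive or use different names.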