diff --git a/pkg/reconciler/ingress/resources/destinationrule.go b/pkg/reconciler/ingress/resources/destinationrule.go
index c13f463f24..6bbfa1bad5 100644
--- a/pkg/reconciler/ingress/resources/destinationrule.go
+++ b/pkg/reconciler/ingress/resources/destinationrule.go
@@ -23,15 +23,11 @@ import (
 "knative.dev/networking/pkg/apis/networking"
 "knative.dev/networking/pkg/apis/networking/v1alpha1"
 "knative.dev/networking/pkg/certificates"
+ "knative.dev/networking/pkg/config"
 "knative.dev/pkg/kmap"
 "knative.dev/pkg/kmeta"
 )

-const (
- // has to match config/700-istio-secret.yaml
- knativeServingCertsSecret = "routing-serving-certs"
-)
-
 // MakeInternalEncryptionDestinationRule creates a DestinationRule that enables upstream TLS
 // on for the specified host
 func MakeInternalEncryptionDestinationRule(host string, ing *v1alpha1.Ingress, http2 bool) *v1beta1.DestinationRule {
@@ -47,7 +43,7 @@ func MakeInternalEncryptionDestinationRule(host string, ing *v1alpha1.Ingress, h
 TrafficPolicy: &istiov1beta1.TrafficPolicy{
 Tls: &istiov1beta1.ClientTLSSettings{
 Mode: istiov1beta1.ClientTLSSettings_SIMPLE,
- CredentialName: knativeServingCertsSecret,
+ CredentialName: config.ServingRoutingCertName,
 SubjectAltNames: []string{
 // SAN used by Activator
 certificates.DataPlaneRoutingSAN,
diff --git a/pkg/reconciler/ingress/resources/destinationrule_test.go b/pkg/reconciler/ingress/resources/destinationrule_test.go
index 535567a337..6e6f61f35b 100644
--- a/pkg/reconciler/ingress/resources/destinationrule_test.go
+++ b/pkg/reconciler/ingress/resources/destinationrule_test.go
@@ -27,6 +27,7 @@ import (
 "knative.dev/networking/pkg/apis/networking"
 "knative.dev/networking/pkg/apis/networking/v1alpha1"
 "knative.dev/networking/pkg/certificates"
+ "knative.dev/networking/pkg/config"
 "knative.dev/pkg/kmeta"
 )
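Review bot: The removed comment `// has to match config/700-istio-secret.yaml` was the only record that this secret name is coupled to a manifest, and the new `CredentialName: config.ServingRoutingCertName` line in the second hunk carries no replacement. The value now comes from knative.dev/networking, which this diff does not show, so it cannot be confirmed here that it is still `routing-serving-certs`; if it differs or later changes with a dependency bump, the DestinationRule would presumably reference a secret that does not exist and the upstream TLS settings would have no credentials to load. I would keep a comment at the use site, e.g. `// config.ServingRoutingCertName must match the secret in config/700-istio-secret.yaml`. Both tests in destinationrule_test.go build their expected value from the same symbol, so they cannot catch such drift. The body of MakeInternalEncryptionDestinationRule continues outside the hunk.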
@@ -69,7 +70,7 @@ func TestMakeInternalEncryptionDestinationRuleHttp1(t *testing.T) {
 TrafficPolicy: &istiov1beta1.TrafficPolicy{
 Tls: &istiov1beta1.ClientTLSSettings{
 Mode: istiov1beta1.ClientTLSSettings_SIMPLE,
- CredentialName: knativeServingCertsSecret,
+ CredentialName: config.ServingRoutingCertName,
 SubjectAltNames: []string{certificates.DataPlaneRoutingSAN, certificates.DataPlaneUserSAN(ing.Namespace)},
 },
 },
@@ -102,7 +103,7 @@ func TestMakeInternalEncryptionDestinationRuleHttp2(t *testing.T) {
 TrafficPolicy: &istiov1beta1.TrafficPolicy{
 Tls: &istiov1beta1.ClientTLSSettings{
 Mode: istiov1beta1.ClientTLSSettings_SIMPLE,
- CredentialName: knativeServingCertsSecret,
+ CredentialName: config.ServingRoutingCertName,
 SubjectAltNames: []string{certificates.DataPlaneRoutingSAN, certificates.DataPlaneUserSAN(ing.Namespace)},
 },
 ConnectionPool: &istiov1beta1.ConnectionPoolSettings{