Calls From Envoy Proxy With mTLS Strict Mode

I’m using the envoy proxy to call onoher service in the service mesh when the original service goes down, it works but not when it’s mtls mode is Strict.

I’m using a lua script in the envoy proxy to do this, but I can reproduce the same by curl to the service from the envoy proxy, making the same call from another container (not istio-proxy) works properly. I’m thinking that is something about certs, but not sure how to get them. The error message is “upstream connect error or disconnect/reset before headers. reset reason: connection termination”.

Does anyone have an idea?

Thanks in advance!