I need some help to enable an egress gateway to an endpoint with a self-signed certificate.
I installed Istio with the config below:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
spec:
  profile: demo
  components:
    pilot:
      k8s:
        env:
        - name: VERIFY_CERTIFICATE_AT_CLIENT
          value: "true"
    egressGateways:
    - name: istio-egressgateway
      enabled: true
      k8s:
        env:
        - name: VERIFY_CERTIFICATE_AT_CLIENT
          value: "true"
  values:
    global:
      logging:
        level: "default:debug"
  meshConfig:
    outboundTrafficPolicy:
      mode: REGISTRY_ONLY
    defaultConfig:
      proxyMetadata:
        # Enable Istio agent to handle DNS requests for known hosts
        # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf
        ISTIO_META_DNS_CAPTURE: "true"
        ISTIO_META_DNS_AUTO_ALLOCATE: "true"
And I created the ServiceEntry/Gateway/VirtualService/DestinationRule:
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: dashboard
spec:
  hosts:
  - selfsignedhost.com
  ports:
  - number: 80
    name: http
    protocol: HTTP
  - number: 443
    name: tcp-port
    protocol: TCP
  addresses:
  - 20.71.x.x
  location: MESH_EXTERNAL
  resolution: STATIC
  endpoints:
  - address: 20.71.x.x
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-egressgateway
spec:
  selector:
    istio: egressgateway
  servers:
  - port:
      number: 80
      name: http-port-for-tls-origination
      protocol: HTTP
    hosts:
    - selfsignedhost.com
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dashboardegressgatewaydestinationrule
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: dashboard
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: dashboard
spec:
  hosts:
  - selfsignedhost.com
  gateways:
  - istio-egressgateway
  - mesh
  http:
  - match:
    - gateways:
      - mesh
      port: 80
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        subset: dashboard
        port:
          number: 80
      weight: 100
  - match:
    - gateways:
      - istio-egressgateway
      port: 80
    route:
    - destination:
        host: selfsignedhost.com
        port:
          number: 443
      weight: 100
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dashboarddestinationrule
spec:
  host: selfsignedhost.com
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
    portLevelSettings:
    - port:
        number: 443
      tls:
        mode: SIMPLE # initiates HTTPS for connections to selfsignedhost.com
        insecureSkipVerify: true
Error in egress gateway: