we are facing a challenge with istio egress with an external https proxy. where CA is private and we want to validate it inside the envoy instead of the application container, We tried the same scenario with squid which was using public CA and working fine for us because cert was validating inside the application container. but now we are using an external HTTPS proxy and cert validation getting failed. looking for the configuration that can help me to validate certs without adding in the application pod.
Thank you in advance for the help