Istio external certificate

Hi ,

We are using zuul api gateway instead of istio ingress gateway and we need to make zuul https secured. This is internally required to provide facebook login on our website.We followed the external certificate document (
and thus deleted the istio-default cert from default name space and installed a new cacert using the root, intermediate, key and ca-cert file.The cacert file gets successfully created in default namespace
Once cacert is created we restarted the istio services e.g pilot and citadel. The issue is istio-citadel goes into crashbackloop and error shows as ‚Äúcertificate signed by unknown authority‚ÄĚ. The certificate has been validated by ssl team and the same is correct.

Please share if there could be any solution to the same.