Istio integrates with PING authentication wtih X509 error

Hi All,
I’ve been trying to make my EKS cluster work with PING authentication. the following is the KustomerizeConfig I updated in kfctl_istio_dex.v1.0.2.yaml, but it kept giving me failed to initialize server: server: Failed to open connector Ping: failed to open connector:failed to get provider: Get https://adev..com/.well-known/openid-configuration: x509:
certificate signed by unknown authority. The https://adev.
.com/.well-known/openid-configuration is accessible from my browser.
Can anyone please see if I missed something? I tried to simply modifed dex-cofnig.yaml with PING configuration added to OIDC section under connector, but it gave me the same X509
Thank you very muh for any advice/help!

  • kustomizeConfig:
    overlays:
    • application
      parameters:
    • name: namespace
      value: istio-system
    • name: userid-header
      value: kubeflow-userid
    • name: oidc_provider
      value: https://adev.****.com
    • name: oidc_redirect_uri
      value: https://*.com/login/oidc
    • name: oidc_auth_url
      value: https://*.com/as/authorization.oauth2
    • name: skip_auth_uri
      value: /dex
    • name: client_id
      value: ActualClientId
    • name: client_secret
      value: ActualCredentail
      repoRef:
      name: manifests
      path: istio/oidc-authservice
      name: oidc-authservice