in our recent cluster setup we have several backend services that authenticate end users with a JWT. Currently, our backend services verify the JWT itself using a library. In the future, we want to use Istios JWT authentication/authorization described here: Istio / JWT Token. I have setup the Istio configuration for the JWT authorization. Now, the JWT verification fails and I see the following message in the sidecar logs:
The URL of the JWKS endpoint of our authorization server is correct. I believe the sidecar cannot access the JWKS endpoint of our authorization server because we are using a self-signed SSL certificate in our development environment that the sidecar is not aware of. My question is if and how I can configure the custom SSL certificate on the sidecar.