JWT authorization with custom SSL certificate

In our recent cluster setup we have several backend services that authenticate end users with a JWT. Currently, our backend services verify the JWT themselves using a library. In the future, we want to use Istio's JWT authentication/authorization described here: Istio / JWT Token. I have set up the Istio configuration for the JWT authorization. Now, the JWT verification fails and I see the following message in the sidecar logs:


The URL of the JWKS endpoint of our authorization server is correct. I believe the sidecar cannot access the JWKS endpoint of our authorization server because we are using a self-signed SSL certificate in our development environment that the sidecar is not aware of. My question is if and how I can configure the custom SSL certificate on the sidecar.


One (hard) way to do this would be by installing a DestinationRule for the JWKS server in mind and loading the self-signed root (using a Kubernetes volume) into the proxy container. Refer to ClientTLSSettings: Istio / Destination Rule
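
A sketch of the configuration the answer above describes, added here as an example and not taken from the thread or from the poster's cluster. Every name, namespace, hostname, image and path is a placeholder, and it assumes the sidecar itself is what opens the TLS connection to the JWKS server and that a Secret with the development root CA already exists. Certificate verification stays enabled; the proxy is only given the extra root to trust.

```yaml
# Added example. Placeholders: backend, my-namespace, jwks-root-ca,
# auth.dev.example.internal, /etc/jwks-ca, registry.example/backend:dev.
# Assumes a Secret "jwks-root-ca" with key root-ca.pem (the self-signed
# root, PEM encoded) exists in the workload's namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  namespace: my-namespace
spec:
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
      annotations:
        # Sidecar injector annotations: add a volume to the pod and mount it
        # read-only into the istio-proxy container.
        sidecar.istio.io/userVolume: '[{"name":"jwks-root-ca","secret":{"secretName":"jwks-root-ca"}}]'
        sidecar.istio.io/userVolumeMount: '[{"name":"jwks-root-ca","mountPath":"/etc/jwks-ca","readOnly":true}]'
    spec:
      containers:
        - name: backend
          image: registry.example/backend:dev
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: jwks-server-tls
  namespace: my-namespace
spec:
  # Hostname of the authorization server that serves the JWKS (placeholder).
  # A host outside the mesh's service registry also needs a ServiceEntry.
  host: auth.dev.example.internal
  trafficPolicy:
    tls:
      mode: SIMPLE                               # server-authenticated TLS
      caCertificates: /etc/jwks-ca/root-ca.pem   # path inside istio-proxy
      sni: auth.dev.example.internal
```

The path in `caCertificates` is resolved inside the proxy container, so it must match the `mountPath` given in the annotation, and the pods have to be re-created for the injector to add the volume.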