Regarding unable to perform https consul health check -certificate issue

I am using consul in non clustered manner and using below config fir securing certificate

    "node_name":  "lcnc-server-01",
    "server":  true,
    "bootstrap":  true,
    "bootstrap_expect":  1,
    "ui_config":  {
                      "enabled":  true
    "advertise_addr":  "",
    "bind_addr":  "",
    "client_addr":  "",
    "datacenter":  "dc1",
    "data_dir":  "consul\\data\\",
    "log_file":  "consul\\logs\\",
    "log_level":  "INFO",
    "enable_script_checks":  true,
    "disable_update_check":  true,
    "dns_config":  {
                       "enable_truncate":  true,
                       "only_passing":  true
    "connect":  {
                    "enabled":  true
    "ca_file":  "conf\\rgrootmr.crt",
    "cert_file":  rgmr.crt",
    "key_file":  "rgmr.key",
    "verify_incoming":  false,
    "disable_remote_exec":  true,
    "verify_server_hostname":  false,
    "verify_incoming_rpc":  false,
    "leave_on_terminate":  true,
    "pid_file":  "consul\\pid\\",
    "ports":  {
                  "https":  34000,
                  "server":  34001,
                  "gRPC":  34002,
                  "http":  -1
    "http_config":  {
                        "response_headers":  {
                                                 "Access-Control-Allow-Origin":  "*"

Then I am configuring Health check for service

  "ID": "APP_test:A_std",
  "Name": "APP_test:A_std",
  "ServiceID": "test:A",
  "HTTP": "https://host:port/mon",
  "Method": "GET",
  "Header": {
    "Content-Type": [
  "Interval": "150s",
  "Timeout": "60s",
  "TLSSkipVerify": false,
  "Status": "warning"

because health check is exposed on HTTPS, it is unable to verify the certificate with error:

x509: certificate signed by unknown authority

I have tried adding my root certificate as env variable:

SET CONSUL_CACERT=C:\work\software\consul\goldenversions\consul\conf\rgrootmr.crt

Please note that CA for securing the consul and securing the server running https health check is same, but it is still not working.
How I can sort out the above issue?

Hi @rinkigoyal,

Welcome to the HashiCorp Forum!

The CA certificate of the certificate that signed your services certificate should be installed system-wide for this to work. You will have to follow the OS documentation to do this and then restart Consul agent to pick up these changes.

An example documentation of the same from the fedora distribution of Linux is here: Using Shared System Certificates :: Fedora Docs

I hope this helps.