Vault Agent Injector with External Vault CA Issues

I have an external vault outside of Kubernetes and I’m trying to get vault-injector pods to authenticate and get secrets from that vault.

The init pods are getting this error:
x509: certificate signed by unknown authority

This is because my external vault has a custom cert attached to it. I see there is an annotation for this but it’s looking for a file. Where would I specify that file in my case with an external vault?