X509 certificate onboarding in vault with vault agent

Following below link:

On my local I was able to integrate it with the target pod and able to achieve the purpose of secret fetch from vault agent from vault server.

On Production, when vault is trying to do login via the agent init-container, I am getting the below error:
error authenticating: error="Put "https://domainname:32523/v1/auth/kubernetes/login": x509: certificate signed by unknown authority".

Please suggest what to do in this regard.
Probably agent needs some truststore chain onboarding.
But it will be a great help if anybody can suggest how to do that or any other solution.
Not an expert in this matter.
VAULT_SKIPVERIFY is the quick fix I am using but probably that is not a good way.

9 times out of 10 that means you don’t have your CA installed on the offending host machine. If you copy or symlink whatever CA you’re issuing certs from into (on Ubuntu anyway) /usr/local/share/ca-certificates/ (once or twice I’ve had to create a [...]/local/sub-folder and put the CA in there) and then run sudo update-ca-certificates, you should see some output that a new CA was installed.

Then restart your session and it should start to work. Non-Ubuntu steps will be slightly different, but the basic gist of it should be the same.