Could not securely connect to https://rancher.example.it tls: failed to verify certificate: x509: certificate signed by unknown authority

Hi,
I have installed Rancher with this configuration:

helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --set hostname=rancher-example.it \
  --set bootstrapPassword=xxxxx \
  --set ingress.tls.source=secret \
  --set privateCA=true \
  --set auditLog.level=1

I have created the certificate with the certification authority of my company and created the secret on the cluster as indicated in the Rancher documentation.

I’m trying to import an AKS cluster but I receive this error on the cattle-agent pod:

INFO: https://rancher-example.it/ping is accessible                                                                                                                                           
INFO: rancher-example.it resolves to 10.xxx.xxx.xxx                                                                                                                                         
INFO: Value from https://rancher-example.it/v3/settings/cacerts is an x509 certificate                                                                                                      
time="2024-12-02T15:37:58Z" level=info msg="Listening on /tmp/log.sock"                                                                                                                                 
time="2024-12-02T15:37:58Z" level=info msg="Rancher agent version v2.10.0 is starting"                                                                                                                  
time="2024-12-02T15:37:58Z" level=info msg="Testing connection to https://rancher-example.it using trusted certificate authorities within: /etc/kubernetes/ssl/certs/serverca"              
time="2024-12-02T15:37:58Z" level=error msg="Could not securely connect to https://rancher-example.it: Get \"https://rancher-example.it\": tls: failed to verify certificate: x509: certificate signed by unknown authority"

In the deployment I find the ENV CATTLE_CA_CHECKSUM set.
What could be the problem?

Thanks
Cristian

Is this a ‘trusted’ authority that can reference its trust to any of the standard public roots, or is this an ‘internal’ authority? In the second case you need to make the root certificate of your internal CA trusted on each AKS node (how to do that: Google could help…)
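
The message in the agent log above is the error Go's crypto/x509 verifier returns when the served certificate does not chain to any CA in the trust set it was handed. The following is an added example, not part of the original posts and not Rancher's code, that reproduces the check offline with constructed certificates. `newCert`, `verifyWithCA` and the two CA names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert issues a constructed one-hour test certificate (hypothetical helper); nil parent = self-signed CA.
func newCert(cn string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, // SAN mirrors CN; only the server's is checked
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, IsCA: parent == nil,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tpl, key // self-signed: the template signs itself
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// verifyWithCA trusts only `ca` (no system roots) and reports whether `server` chains to it for `host`.
func verifyWithCA(ca, server *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := server.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	ca, key := newCert("issuing-ca.constructed.invalid", nil, nil)
	other, _ := newCert("other-ca.constructed.invalid", nil, nil)
	server, _ := newCert("rancher-example.it", ca, key)
	fmt.Println("issuing CA:", verifyWithCA(ca, server, "rancher-example.it"), "| other CA:", verifyWithCA(other, server, "rancher-example.it"))
}
```

Verification succeeds only when the trust set contains the CA that actually issued the served certificate; any other CA certificate, however valid in itself, produces the same "unknown authority" error.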