I am currently in the same boat with setting up egress gateway using mTLS at origination. In our case we want to terminate ssl connection at gateway and then establish new mTLS connection via destination rule and following the doc doesn’t seems to be working. Currently setting this in GKE ASM managed and using gateway api for gateway deployment. When test http://externalservixe.com errors out 503 server unavailable error. Openssl vtls1.3 failed to verify certificate. Any tips or steps is appreciated. Istio documentation is very confusing. Thanks!