Hello,
if you do have a certificate authority for the upstream service certificate, you may set its certificate using tls_custom_certificate_authority option for a route.
If the upstream cert is entirely self-signed, and you do not have the cert itself, then you may disable TLS verification using tls_skip_verification. like
