Can't connect to Kafka broker with self-signed certificate (TLS) #87

Open
mightyplayer opened this issue May 11, 2023 · 0 comments

Hello, I'm having trouble with the bridge in a TLS configuration.
My conf:

logging: {
  time: true,
  debug: true,
  trace: true,
  colors: true,
  pid: false,
}

monitoring: {
  httpport: 9222,
}

nats: {
  Servers: ["nats.cert.svc.cluster.local:4222"],
  ConnectTimeout: 5000,
  MaxReconnects: 120,
  ReconnectWait: 5000,
}

connect: {
  type: "NATSToKafka",
  brokers: ["kafka-1.bank:9093", "kafka-2.bank:9093"],
  id: "my_id",
  tls: {
    Root: "/etc/nats-kafka/tls/root-ca.pem"
  },
  topic: "my-topic",
  subject: "nats-subj",
}

The app works in OpenShift, so I created two ConfigMaps: one with the root cert chain in PEM format, and another with the config above.

I got this error:
2023/05/10 00:00:00.031756 [ERR] connector publish failure, nats-subj to Kafka:my-topic, failed to create producer: kafka: client has run out of available brokers to talk to: 3 errors occurred:

  • unexpected EOF
  • unexpected EOF
  • unexpected EOF

I've been testing it in OpenShift, so I created my own container based on Ubuntu with curl and openssl, and did update-ca-certificates with my company root-CA certs, and I'm still getting the same error.

openssl makes the TLS handshake with no errors, so I'm a bit confused.

Maybe I can somehow skip TLS verify?
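
Added example, not part of the original post and not code from the nats-kafka project: a Go program showing that `crypto/tls` reports a server certificate from an untrusted root differently from a peer that closes the connection during the handshake, and that adding the root to `RootCAs` makes verification pass without disabling it. An `httptest` TLS server and a loopback listener stand in for brokers; both are constructed for the demo.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http/httptest"
)

// Handshake dials addr trusting only roots and classifies the client-side result.
func Handshake(addr string, roots *x509.CertPool) string {
	c, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots})
	switch {
	case err == nil:
		c.Close()
		return "ok"
	case errors.As(err, new(x509.UnknownAuthorityError)):
		return "untrusted-ca" // trust failure: add the issuing root, keep verification on
	case errors.Is(err, io.EOF), errors.Is(err, io.ErrUnexpectedEOF):
		return "peer-closed" // peer ended the connection; no certificate was rejected
	}
	return "other: " + err.Error()
}

// RunCases probes a TLS listener with and without its root, then a peer that hangs up.
func RunCases() ([3]string, error) {
	srv := httptest.NewTLSServer(nil) // constructed stand-in: TLS listener with a private cert
	defer srv.Close()
	trusted := x509.NewCertPool()
	trusted.AddCert(srv.Certificate())
	ln, err := net.Listen("tcp", "127.0.0.1:0") // constructed peer that closes without replying
	if err != nil {
		return [3]string{}, err
	}
	defer ln.Close()
	go func() {
		if s, err := ln.Accept(); err == nil {
			s.(*net.TCPConn).CloseWrite() // send FIN so the client reads a clean EOF
			io.Copy(io.Discard, s)        // drain until the client gives up
			s.Close()
		}
	}()
	addr := srv.Listener.Addr().String()
	return [3]string{Handshake(addr, trusted), Handshake(addr, x509.NewCertPool()), Handshake(ln.Addr().String(), trusted)}, nil
}

func main() { fmt.Println(RunCases()) }
```

The three results are, in order, the trusted root, an empty root pool, and the peer that hangs up.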
