SSL/TLS error while trying to connect to Azure Kubernetes API server

I am able to access the AKS server successfully.

kubectl get nodes
NAME                                STATUS   ROLES   AGE   VERSION
aks-agentpool-27764677-vmss000000   Ready    agent   11m   v1.25.6
aks-userpool-27764677-vmss000000    Ready    agent   11m   v1.25.6

But the curl operation to the AKS webserver API endpoint is failing due to an SSL/TLS error:

curl  https://di-poc-dns-89f8361f.hcp.centralus.azmk8s.io:443/
curl : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At line:1 char:1
+ curl  https://di-poc-dns-89f8361f.hcp.centralus.azmk8s.io:443/
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

From where should I download the certificate and add it to the Windows trusted store to fix this error? Due to this connectivity issue, most of the helm install commands are failing in PowerShell.

helm upgrade --install appgw-ingress-internet -f helm-config-internet.yaml application-gateway-kubernetes-ingress/ingress-azure
Release "appgw-ingress-internet" does not exist. Installing it now.
E0626 12:25:44.907210   12260 memcache.go:238] couldn't get current server API group list: Get "https://dian-poc-dns-89f8361f.hcp.centralus.azmk8s.io:443/apis?timeout=32s": read tcp 192.168.19.32:64663->52.143.251.102:443: wsarecv: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: failed to install CRD crds/azureapplicationgatewayrewrite.yaml: unable to recognize "": Get "https://dian-poc-dns-89f8361f.hcp.centralus.azmk8s.io:443/apis?timeout=32s": read tcp 192.168.19.32:64663->52.143.251.102:443: wsarecv: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.