The Capella root CA is built into the SDK. So where the comment says “you can skip this”, you can skip that.
You can test the correctness of a certificate with the openssl command. Couchbase SDK Doctor can be used to troubleshoot connectivity to the cluster. Curl can also be used to check connectivity and certificate validation - although when used against the kv service (which is not http), if the certificate validates, curl will give a message to the effect “empty response from server”.
For testing only in development environments, the SDK has an option to not perform validation on the server ssl certificate (like the curl -k option). But doing so is not secure.
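The openssl check mentioned above, as an added example that is not part of the original post or of Couchbase's tooling. It assumes the cluster's KV-over-TLS port is 11207; the host name, file names and throwaway certificates are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: all host names, CNs and file names here are constructed placeholders.

# Build a throwaway CA and a leaf certificate signed by it, inside directory $1.
make_test_pki() {
  pki_dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$pki_dir/ca.key" -out "$pki_dir/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=cb.example.invalid" \
    -keyout "$pki_dir/leaf.key" -out "$pki_dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$pki_dir/leaf.csr" -CA "$pki_dir/ca.pem" -CAkey "$pki_dir/ca.key" \
    -CAcreateserial -days 1 -out "$pki_dir/leaf.pem" 2>/dev/null
}

# Offline check: does certificate $2 chain to the CA in $1?
# Exit status 0 means the chain validates; non-zero means it does not.
verify_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Online check: handshake with host $1 on port $2, trusting only the CA in $3,
# and print the verification result line from s_client.
# "Verify return code: 0 (ok)" means the server certificate validated.
check_server() {
  openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" </dev/null 2>/dev/null \
    | grep -m1 'Verify return code'
}

# Usage against a real cluster (placeholder host; 11207 assumed as the KV TLS port):
#   check_server cb.example.invalid 11207 ./cluster-root-ca.pem
```

A non-zero verify return code from `check_server` points at the trust store or the certificate chain rather than at network reachability.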