It is impossible to install Matomo with a remote server which enforces TLS for the DB connection.
The UI does not support SSL settings. Manually adding the config.ini.php results in a successful connection, however makes Matomo believe the setup is already done. There is no obvious way to import the scheme then.
Currently I have to disable TLS support in the DB until Matomo is done with the setup.
a) Allow a partial configuration
b) Allow to create the scheme from console
Feel free to make this a feature ... All that is need is a checkbox to enable TLS and maybe a way to choose a CA file (I think that is required by the PHP api if you use TLS).
Without TLS, you are forced to run the DB locally or have some other ways of network encryption in place. This is really required to run Matomo in the cloud without a lot of extra overhead (zero trust networking),
btw, I had to turn of TLS for the installation, because I did not find a way to start the install steps if I configure the DB prior to install.