This message was deleted.

Kubernetes clusters, rke2 included, use multiple private CAs to secure communication within the cluster. They are created automatically when rke2 first starts.

thanks. just had another look at here https://github.com/k3s-io/k3s/blob/master/contrib/util/generate-custom-ca-certs.sh, got how it works now.