Currently my company is using a threat intelligence platform application which deployed on RKE2.
We are figuring out if that is possible to replace the current rke2 default self-sign CA cer to company own custom CA cert.
I am new in this field and tried the step in Certificate Management | RKE2 to generate custom cert on top of my company CA cert but getting DOCTYPE html syntax error for the given script below.
curl -sL https://github.com/k3s-io/k3s/raw/master/contrib/util/generate-custom-ca-certs.sh | PRODUCT=rke2 bash -
/var/lib/rancher/rke2/server/tls/server-ca.crt
/var/lib/rancher/rke2/server/tls/server-ca.nochain.crt
/var/lib/rancher/rke2/server/tls/serving-kube-apiserver.crt
/var/lib/rancher/rke2/agent/serving-kubelet.crt
/var/lib/rancher/rke2/server/tls/etcd/client.crt
/var/lib/rancher/rke2/server/tls/etcd/server-client.crt
/var/lib/rancher/rke2/server/tls/etcd/peer-server-client.crt
My concern here is if this renew/replacement with Company custom CA cert is do-able with my running cluster in production environment and how can it be done.
Worrying if change of the CA cert will cause the production outage and downtime. But management have the security concern on rke2 self-sign cert instead of company signed cert.