openssl genrsa -aes256 -out customerCA.key 2048

# output:
Enter PEM pass phrase: Skill53##
Verifying - Enter PEM pass phrase: Skill53##

openssl req -new -x509 -days 3652 -key customerCA.key -out customerCA.crt

# output:
Enter pass phrase for customerCA.key: Skill53##
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

<cluster_id>_ClusterCsr.csr 파일 Bastion Server에 업로드 후 진행

openssl x509 -req -days 3652 -in <cluster_id>_ClusterCsr.csr \\
                              -CA customerCA.crt \\
                              -CAkey customerCA.key \\
                              -CAcreateserial \\
                              -out <cluster_id>_CustomerHsmCertificate.crt
                              
# output:
Certificate request self-signature ok
subject=C=US + ST=CA + OU=LS2 + L=SanJose + O=Marvell, CN=HSM:RCN2342B07130:PARTN:19, for FIPS mode
Enter pass phrase for customerCA.key: Skill53##  

위에서 생성한 <cluster ID>_CustomerHsmCertificate.crt를 넣고, Issuing certificate에는customerCA.crt를 넣고, Upload and intialize