Admin Certificate Generation in K8s

Hi ,

I have used Let’s Encrypt to generate domain certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: opensearch-cert
  namespace: opensearch
spec:
  dnsNames:
  - <mydomain>
  secretName: opensearch-tls
  privateKey:
    encoding: PKCS8
    algorithm: RSA
    size: 2048
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer

It generated 1 secrets, it has 2 data tls.crt and tls.key. 3 certificates are present in tls.crt namely domain cert , Intermediate R3 CA and Root CA.
My opensearch is working correctly over https.

I am not able to run securityadmin.sh with the domain certificate , opensearch say i need to generate admin certificate.

what I already tried :
1. I tried to use tls.crt and tls.key to generate an admin certificate in my local machine using openssl and mounted it to k8s. - I get an error unknown certificate when i try to run securityadmin.sh with the admin certificate.
2. I tried to use kirk.pem and kir-pem.key as admin certificate , I get java path error.

Now how can i generate the admin certificate ?

UPDATE:

SOLVED.
Used searchguard tls tool / bash scripts to generate certs and used the admin cert.