Kubernetes secures communication between its nodes with TLS certificates. These certificates don't have to be certificates signed by a public CA, and by default RKE auto-generates the certificates for you.
If you preferred to use your own certificates, you can either use a custom certificate directory that has your certs in it, or you can have RKE generate CSRs to be signed by an external CA.
They'll have all the correct Alternative DNS and IP names for the cluster. Once you receive signed certificates from the CA, you can use them as custom certificates.
Custom Certificates : https://rancher.com/docs/rke/latest/en/installation/certs/