Enabling TLS on replicaset cluster that uses SCRAM

I have a 3 node replicaset with SCRAM authentication and am attempting to enable TLS. I am connecting to a self managed TTPS-enabled Ops Manager Using a Custom CA. The CA that signed that custom certificate has been added to the Kubernetes Operator as set by the sslMMSCAConfigMap: and sslRequireValidMMSServerCertificates: ‘true’
A replicaset has also been created and deployed with security.authentication.enabled:true and security.authentication.modes: [“SCRAM”]. Operator logs show the MongoDB agents are in a ready state as well as OpsManager showing the 3 node replicaset set up and ready.

My issue is how to enable TLS on this replicaset now. I tried to automatically generate the TLS certs using the Kubernetes Operator by settings security.tls.enabled to “true”. Once I did this, I received this message
“The Operator is generating TLS certificates for server authentication. This feature has been deprecated and should only be used in testing environments.”
"Not all certificates have been approved by Kubernetes CA for "
“Certificate for waiting for approval”
“Certificate for waiting for approval”
“Certificate for waiting for approval”
"Not all certificates have been approved by Kubernetes CA for "

I can also see it generated a secret named -cert with the pem’s of the 3 replicasets. However TLS is not enabled because of the errors in the log files.

How can I get past this? Or better, how can I use my own CA to generate certs for the replicasets which will enable TLS.

My MongoDB replicaset resource has tls.enabled set to true and connectivity.replicaSetHorizons set to my 3 worker nodes in order to enable external connectivity. I tried following the page, https://docs.mongodb.com/kubernetes-operator/master/tutorial/secure-tls/#secure-tls, which wants you to create a PEM file for Your custom CA and for Each member of your replica set. It mentions to create the PEM file, concatenate the TLS certificate and the Private Key. How can one do this, I feel like there are some steps missing on how to generate for each replica member a CSR and Private Key. Then finally, sign each CSR using the CA private key. How can I generate those in order for me to continue with the steps on the page https://docs.mongodb.com/kubernetes-operator/master/tutorial/secure-tls/#secure-tls