Kops - How to use kubernetes-ca's keyset.yaml to sign new certificates?

I have created a cluster on AWS using Kops v1.26.2 and I need to use ca.crt and ca.key to sign new users to join the cluster.

In older versions of Kops, the ca.key and ca.cert were created automatically in the AWS S3 bucket; now we have a folder called “kubernetes-ca” with a keyset.yaml inside.

How do I use this file to sign new certificates?
Do I need this YAML keyset file to sign new certificates, or do I need something else?

I need to use the command:

    openssl x509 -req -in file.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out file.crt -days 500