Set up remote cluster CA certificate in Elasticsearch 8.8.1

I have a local cluster. Now I would like to set up a remote cluster to connect to the local cluster. How do I set up the CA certificate on the remote cluster node to make these two cluster to trust each other?
Here is my local cluster Elasticsearch node conf (elasticsearch service has started):

cluster.name: ElasticSearch
node.name: node01
node.roles: [ master, data, ingest, remote_cluster_client ]
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
xpack.monitoring.exporters.my_local:
  type: local
  use_ingest: false
discovery.seed_hosts: ["node01", "node02"]
http.host: 0.0.0.0
transport.host: 0.0.0.0

And this is my remote cluster node conf (elasticsearch service has not started, yet):

cluster.name: remote-elasticsearch
node.name: remote01
node.roles: [ master, data, ingest, remote_cluster_client ]
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: full
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["remote01"]
xpack.monitoring.exporters.my_local:
  type: local
  use_ingest: false
http.host: 0.0.0.0
transport.host: 0.0.0.0

Thank you.