Using TLS and mTLS without domain name certificates

I am just getting to TLS and mTLS. Now I do NOT have a domain name. Let's Encrypt is not an option because of this. Maybe later. And I think this is typical of people using Istio in the early stages. You don't have a domain name in the beginning as you evaluate rolling it out for an API and checking the mTLS features. I would like to clarify a few things about TLS and mTLS.

  1. Where are the demo keys located? Are they attached to any domain names or not?

  2. If I don't have demo keys because the demo configuration was not selected, how can I generate them? Yes, not everyone will select demo in the beginning.

  3. Can I just use OpenSSL to generate the keys without specifying a domain name for the certificates, and will this be accepted?

  4. Do I need to involve the Kubernetes Cert Manager in this process? Yes, no, or recommended?

  5. Should I file mount the certificates on the Ingress pod or use a secret?

  6. How do I get the key(s) transferred to my mobile app? Is there an API for this key transfer operation?