./easyrsa build-ca
 
Note: using Easy-RSA configuration from: /usr/share/easy-rsa/3.0.8/vars
Using SSL: openssl OpenSSL 1.1.1k  FIPS 25 Mar 2021
 
Enter New CA Key Passphrase: # password
Re-Enter New CA Key Passphrase: # password
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................................................................................................................+++++
...............................................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]: # Server-CA
 
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/usr/share/easy-rsa/3.0.8/pki/ca.crt

証明書要求をインポートする

cd /usr/share/easyrsa/3.0.8
./easyrsa import-req /tmp/my-server.csr my-server

インポートしたCSRに署名し、証明書を発行する

./easyrsa sign-req server my-server