The latest versions of OpenVPN automatically install EASYRSA version 3.This version introduces important changes compared to version 2.

In order to generate certificates with this version, it is first necessary to change the permissions of the directory where it is installed by giving complete control (or at least write control) to all users. The default directory is c:\Program Files\OpenVPN\easy-rsa

Open a command prompt and move to the directory indicated and give the command
"EasyRSA-Start.bat" to start the generation tool.

At this point, the following commands must be executed in succession, entering the required information each time

• easyrsa init-pki
  The command initialises directories and variables used by subsequent commands
  
• Edit the safessl-easyrsa.cnf file by setting the number of days the certificate will last
  
  
  
  
• easyrsa build-ca nopass
  The command creates the CA.CRT and CA.KEY keys for subsequent certificate generation.
  The keys are contained in the directory c:\Program Files\OpenVPN\easy-rsa\pki and in the directory c:\Program Files\OpenVPN\easy-rsa\private
  
• easyrsa build-server-full server nopass
  The command creates the server certificate. The parameter marked 'server' indicates the name of the certificate.
• easyrsa build-client-full client0001 nopass
  The command creates the certificate for client0001.