Install easy-rsa package on your Debian system with the following command:

# apt install easy-rsa

Generate Certificates and Keys OpenVPN relies on certificates and keys for client and server authentication. To generate these files, use the included easy-rsa script:

# make-cadir /tmp/certs
# cd /tmp/certs

Edit the vars file to configure Certificate Authority (CA) variables:

#nano ./vars
------------------------------------------
Uncomment: 

set_var EASYRSA_KEY_SIZE        2048
set_var EASYRSA_REQ_COUNTRY     "NL"
set_var EASYRSA_REQ_PROVINCE    "Zuid-Holland"
set_var EASYRSA_REQ_CITY        "Rijnsburg"
set_var EASYRSA_REQ_ORG         "Oscar.de.Groot"
set_var EASYRSA_REQ_EMAIL       "oscar@oscardegroot.nl"
set_var EASYRSA_REQ_OU          "MySites"

Generate the required certificates and keys:

$ ./easyrsa init-pki
$ ./easyrsa build-ca
$ ./easyrsa gen-req server nopass
$ ./easyrsa sign-req server server
$ ./easyrsa gen-dh
$ openvpn --genkey --secret pki/ta.key