Ubuntuにeasy-rsaを使ってCAを構築して自己証明書を作成するWindows IIS編です。IISでの証明書要求の作成と署名した証明書の取り込み、HTTPSの有効化は調べるとたくさんあるのでそれほど難しいものではないです。

$ ./easyrsa import-req /tmp/iis-csr.txt winiis

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.1.1f  31 Mar 2020

The request has been successfully imported with a short name of: winiis
You may now use this name to perform signing operations on this request.


$ ./easyrsa sign-req server winiis

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.1.1f  31 Mar 2020

You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.

Request subject, to be signed as a server certificate for 7300 days:

    countryName               = JP
    stateOrProvinceName       = TODOHFUKEN
    localityName              = MACHI
    organizationName          = My Company Name
    organizationalUnitName    = My Domain
    commonName                = winiis
    emailAddress              = mail@mydomain.local

Type the word 'yes' to continue, or any other input to abort.
  Confirm request details: yes
Using configuration from /home/foo/easy-rsa/pki/safessl-easyrsa.cnf
Enter pass phrase for /home/foo/easy-rsa/pki/private/ca.key: CA構築時のパスフレーズを入力
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'JP'
stateOrProvinceName   :ASN.1 12:'TODOHFUKEN'
localityName          :ASN.1 12:'MACHI'
organizationName      :ASN.1 12:'My Company Name'
organizationalUnitName:ASN.1 12:'My Domain'
commonName            :ASN.1 12:'winiis'
emailAddress          :IA5STRING:'mail@mydomain.local'
Certificate is to be certified until Mar 10 04:39:55 2042 GMT (7300 days)

Write out database with 1 new entries
Data Base Updated

Certificate created at: /home/foo/easy-rsa/pki/issued/winiis.crt