sonnyyu/mtls-cert-manage

Build docker image (optional):

git clone https://github.com/sonnyyu/mtls-cert-manage
cd mtls-cert-manage
docker build -t easy-rsa .
docker tag easy-rsa sonnyyu/easy-rsa:3
#docker login
docker push sonnyyu/easy-rsa:3

Grab it from dockerhub:

docker pull sonnyyu/easy-rsa:3

Test it:

docker run -it --rm -v ~/mtls-cert-manage/pki:/pki sonnyyu/easy-rsa:3

Set up an alias (add the alias line to ~/.bashrc, then reload it):

nano ~/.bashrc
# My custom aliases
alias easy-rsa="docker run -it --rm -v ~/mtls-cert-manage/pki:/pki sonnyyu/easy-rsa:3"
source ~/.bashrc

Run it through the alias:

easy-rsa

Use it with:

easy-rsa init-pki
easy-rsa build-ca
easy-rsa --subject-alt-name="DNS:www.test.com,IP:192.168.1.204" build-server-full localhost nopass
easy-rsa build-client-full client1
easy-rsa export-p12 client1

Copy all the certificates and keys to a local directory:

export workdir=~/mtls-cert-manage
sudo -E cp "$workdir/pki/pki/ca.crt" "$workdir/cert"
sudo -E cp "$workdir/pki/pki/private/client1.key" "$workdir/cert"
sudo -E cp "$workdir/pki/pki/private/client1.p12" "$workdir/cert"
sudo -E cp "$workdir/pki/pki/issued/client1.crt" "$workdir/cert"
sudo -E cp "$workdir/pki/pki/private/localhost.key" "$workdir/cert"
sudo -E cp "$workdir/pki/pki/issued/localhost.crt" "$workdir/cert"
cd "$workdir/cert"
# 644 leaves the private keys (*.key, client1.p12) readable by every local user;
# tighten them to 600 wherever the consuming service can still read them.
sudo chmod 644 *

Note:

  • client1.p12 is the client PKCS#12 file (client certificate and its private key)
  • ca.crt is the CA certificate
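
A check worth running on the copied files before installing them, as an added example that is not part of the repository: it confirms that each certificate chains to ca.crt for its intended role (server or client), that the private key matches the certificate, and that the server certificate carries the SAN entries requested above. The function names and the script name are assumptions; only openssl and standard shell tools are used.

```bash
#!/usr/bin/env bash
# Added example, not part of the repository. File names follow the copy step above.

# 0 if the private key KEY belongs to certificate CERT (compares public keys).
# An encrypted key (client1 was built without nopass) prompts for its passphrase.
key_matches_cert() {   # CERT KEY
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if CERT chains to CA and its extensions allow PURPOSE (sslserver | sslclient).
chains_for() {   # CA CERT PURPOSE
    openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

# 0 if CERT carries exactly ENTRY in subjectAltName, in openssl's printed form,
# e.g. "DNS:www.test.com" or "IP Address:192.168.1.204".
has_san() {   # CERT ENTRY
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF -- "$2"
}

# Run all checks for one certificate and report the first failure.
check_cert() {   # CA CERT KEY PURPOSE [SAN...]
    local ca="$1" cert="$2" key="$3" purpose="$4" san
    shift 4
    chains_for "$ca" "$cert" "$purpose" ||
        { echo "FAIL: $cert is not valid for $purpose under $ca"; return 1; }
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert"; return 1; }
    for san in "$@"; do
        has_san "$cert" "$san" || { echo "FAIL: $cert lacks SAN $san"; return 1; }
    done
    echo "OK: $cert ($purpose)"
}

# Usage: ./check-certs.sh ~/mtls-cert-manage/cert   (script name is hypothetical)
if [ "$#" -eq 1 ] && [ -d "$1" ]; then
    check_cert "$1/ca.crt" "$1/localhost.crt" "$1/localhost.key" sslserver \
        "DNS:www.test.com" "IP Address:192.168.1.204"
    check_cert "$1/ca.crt" "$1/client1.crt" "$1/client1.key" sslclient
fi
```

A server certificate that passes `sslserver` but is presented by a client (or the reverse) is rejected by the purpose check, which is the separation mTLS relies on.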

Install the certificate on Windows