easy-rsa
You google the instruction in Russian.

Because it's a monster. Oblo, huge, mischievous, stozevno and bark. A bunch of all possible parameters, and an even bigger bunch of their combinations, allowing you to do a lot of things so big that it's hard to describe.
There was a book , there at the beginning just about creating and configuring CA, not everything is true, it is written, only the main points.
Everything is blurred and incomprehensible because MMM - We Can Do Much. Well, in a real sense, a lot is possible there :)
What kind of certificates will be issued? What will be the information in the Subject? What is the validity period? Will CDP be used? AIA? Will PKCS#12 be released or transmitted this way? Is it possible to have two certificates with the same Subject in the database? What information will be required for the Subject (without it, the release will be refused).
An abyss of questions :) If anything - soap in the profile, but I don’t answer right away

If you don't feel like messing around with scripts, try BounCA - it's a simple web muzzle that does exactly what you ask. If you want - as correctly said above, easy-rsa.