Thanks for the theory, in practice it was not so easy because the naming conventions are a horror.
And the most important part is that the privekey.pem cannot have a password, and easyrsa enforces having a password. Many thanks to user1686 on superuser!