diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index e0a584e..53e691c 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1372,6 +1372,8 @@ Please update openssl-easyrsa.cnf to the latest official release."
 		# Assign passphrase vars and temp file
 		p=""
 		q=""
+		in_key_pass_tmp="$(easyrsa_mktemp)" || \
+			die "Failed to create temporary file"
 		out_key_pass_tmp="$(easyrsa_mktemp)" || \
 			die "Failed to create temporary file"
 
@@ -1385,6 +1387,7 @@ Please update openssl-easyrsa.cnf to the latest official release."
 
 		# Validate passphrase
 		if [ "$p" = "$q" ]; then
+			printf "%s" "$p" > "$in_key_pass_tmp"
 			printf "%s" "$p" > "$out_key_pass_tmp"
 			unset -v p q
 		else
@@ -1459,6 +1462,7 @@ Please update openssl-easyrsa.cnf to the latest official release."
 			${EASYRSA_NO_PASS+ "$no_password"} \
 			${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
 			${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \
+			${in_key_pass_tmp:+ -passin file:"$in_key_pass_tmp"} \
 			${out_key_pass_tmp:+ -passin file:"$out_key_pass_tmp"} \
 				|| die "Failed to build the CA"
 	;;