diff --git a/security/easy-rsa/files/pkg-message.in b/security/easy-rsa/files/pkg-message.in
index 2efeed9ffba5..0127f30927bb 100644
--- a/security/easy-rsa/files/pkg-message.in
+++ b/security/easy-rsa/files/pkg-message.in
@@ -1,33 +1,33 @@
 
 NOTE: easyrsa will require you to initialize a PKI upon first use.
 
 ONLY for the very first run for a new PKI, do something such as this,
 assuming you will have its data in $HOME/my_new_pki:
 
   easyrsa --pki-dir=$HOME/my_new_pki init-pki # DANGEROUS - DESTROYS ~/my_new_pki
 
 See %%PREFIX%%/share/doc/easy-rsa/README.quickstart.md for further information.
 
 An on-line help is available, you can run:
 
   easyrsa help          # for help on commands
   easyrsa help options  # for help on options
 
 **** SECURITY WARNING FOR PAST security/easy-rsa versions ****
 **** easyrsa may have encrypted your CA private key with a weak cipher
 
 Per CVE-2024-13454, Easy-RSA 3.0.5 inclusively up to and including 3.1.7,
 when used with OpenSSL 3, may have accidentally encrypted the CA private
 key with a weak cipher, des-ede3-cbc, instead of the intended aes-256-cbc,
 when a CA was created with the   easyrsa build-ca   command.
 
 Such mistakes cannot be corrected by upgrading Easy-RSA alone.
 
 The standing recommendation for CA private keys is to 
-re-encrypt the CA privat keys with the aes-256-cbc cipher,
+re-encrypt the CA private keys with the aes-256-cbc cipher,
 by using the   easyrsa set-pass ca   command.
 
 For details, see https://community.openvpn.net/openvpn/wiki/CVE-2024-13454.
 
 **** END SECURITY WARNING FOR PAST security/easy-rsa versions ****