diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index cafbe0e1d..851a4fd71 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1526,11 +1526,15 @@ build_ca() {
 
 	while [ "$1" ]; do
 		case "$1" in
-			intca|subca) sub_ca=1 ;;
+			intca|subca)
+				sub_ca=1
+			;;
 			nopass)
 				[ "$prohibit_no_pass" ] || EASYRSA_NO_PASS=1
 			;;
-			raw-ca|raw) EASYRSA_RAW_CA=1 ;;
+			raw-ca|raw)
+				EASYRSA_RAW_CA=1
+			;;
 			*) warn "Ignoring unknown command option: '$1'"
 		esac
 		shift
@@ -1744,44 +1748,44 @@ Raw CA mode
 
 	} | awk "$awkscript" "$EASYRSA_SSL_CONF" \
 			> "$adjusted_ssl_cnf_tmp" || \
-			die "Copying X509_TYPES to config file failed"
+				die "Copying X509_TYPES to config file failed"
 	verbose "build-ca: insert x509 and extensions OK"
 
 	# Use this new SSL config for the rest of this function
 	EASYRSA_SSL_CONF="$adjusted_ssl_cnf_tmp"
 
 	# Generate CA Key
-		case "$EASYRSA_ALGO" in
-		rsa)
-		easyrsa_openssl genpkey \
-			-algorithm "$EASYRSA_ALGO" \
-			-pkeyopt rsa_keygen_bits:"$EASYRSA_ALGO_PARAMS" \
-			-out "$out_key_tmp" \
-			${cipher:+ "$cipher"} \
-			${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \
-			${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \
-				|| die "Failed create CA private key"
-		;;
-		ec)
-		easyrsa_openssl genpkey \
-			-paramfile "$EASYRSA_ALGO_PARAMS" \
-			-out "$out_key_tmp" \
-			${cipher:+ "$cipher"} \
-			${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \
-			${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \
-				|| die "Failed create CA private key"
-		;;
-		ed)
-		easyrsa_openssl genpkey \
-			-algorithm "$EASYRSA_CURVE" \
-			-out "$out_key_tmp" \
-			${cipher:+ "$cipher"} \
-			${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \
-			${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \
-				|| die "Failed create CA private key"
-		;;
-		*)	die "Unknown algorithm: $EASYRSA_ALGO"
-		esac
+	case "$EASYRSA_ALGO" in
+	rsa)
+	easyrsa_openssl genpkey \
+		-algorithm "$EASYRSA_ALGO" \
+		-pkeyopt rsa_keygen_bits:"$EASYRSA_ALGO_PARAMS" \
+		-out "$out_key_tmp" \
+		${cipher:+ "$cipher"} \
+		${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \
+		${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \
+			|| die "Failed create CA private key"
+	;;
+	ec)
+	easyrsa_openssl genpkey \
+		-paramfile "$EASYRSA_ALGO_PARAMS" \
+		-out "$out_key_tmp" \
+		${cipher:+ "$cipher"} \
+		${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \
+		${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \
+			|| die "Failed create CA private key"
+	;;
+	ed)
+	easyrsa_openssl genpkey \
+		-algorithm "$EASYRSA_CURVE" \
+		-out "$out_key_tmp" \
+		${cipher:+ "$cipher"} \
+		${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \
+		${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \
+			|| die "Failed create CA private key"
+	;;
+	*) die "Unknown algorithm: $EASYRSA_ALGO"
+	esac
 
 	# verbose notice
 	if [ "$EASYRSA_RAW_CA" ]; then