diff --git a/app/owlca/forms.py b/app/owlca/forms.py
index 2ca7bfc478c4577f4dfbdb7d08e35919bbd595be..25461657298430e1abfabf8d492a57ef83c224c0 100644
--- a/app/owlca/forms.py
+++ b/app/owlca/forms.py
@@ -15,6 +15,11 @@ class CaCreateForm(forms.Form):
         widget=forms.PasswordInput(),
         required=True,
     )
+    repeat = forms.CharField(
+        max_length=128,
+        widget=forms.PasswordInput(),
+        required=True,
+    )
     length = forms.TypedChoiceField(
         choices=length_choices,
         coerce=int,
@@ -43,6 +48,18 @@ class CaCreateForm(forms.Form):
 
     public = forms.BooleanField(required=False)
 
+    def clean(self):
+        """Custom validation to match passwords"""
+        cleaned_data = super().clean()
+
+        password = cleaned_data.get('password')
+        repeat = cleaned_data.get('repeat')
+
+        if password and repeat:
+            if password != repeat:
+                raise forms.ValidationError("The two password fields must match")
+
+        return cleaned_data
 class CsrCreateForm(forms.Form):
     csr_pem = forms.FileField()