diff --git a/doc/api/cli.md b/doc/api/cli.md
index 34b2c7aff6adcc..53cfe5a96b4dd6 100644
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
@@ -314,7 +314,7 @@ When set, the well known "root" CAs (like VeriSign) will be extended with the
 extra certificates in `file`. The file should consist of one or more trusted
 certificates in PEM format. A message will be emitted (once) with
 [`process.emitWarning()`][emit_warning] if the file is missing or
-misformatted, but any errors are otherwise ignored.
+malformed, but any errors are otherwise ignored.
 
 Note that neither the well known nor extra certificates are used when the `ca`
 options property is explicitly specified for a TLS or HTTPS client or server.