diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 0a6b9f46f9c278..5f16dbd95440d6 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -538,7 +538,7 @@ static int ssl_ui_writer(UI *ui, UI_STRING *uis)
  */
 static bool is_pkcs11_uri(const char *string)
 {
-  if(!strncmp(string, "pkcs11:", 7)) {
+  if(strncasecompare(string, "pkcs11:", 7)) {
     return TRUE;
   }
   else {
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index c6b1a0d6f5adea..cf6a3f052768d9 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -337,7 +337,7 @@ void parse_cert_parameter(const char *cert_parameter,
    * looks like a RFC7512 PKCS#11 URI which can be used as-is.
    * Also if cert_parameter contains no colon nor backslash, this
    * means no passphrase was given and no characters escaped */
-  if(!strncmp(cert_parameter, "pkcs11:", 7) ||
+  if(!curl_strnequal(cert_parameter, "pkcs11:", 7) ||
      !strpbrk(cert_parameter, ":\\")) {
     *certname = strdup(cert_parameter);
     return;
diff --git a/src/tool_operate.c b/src/tool_operate.c
index ef50bcd9ab7683..fa44c70d8d473c 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -118,7 +118,7 @@ static bool is_fatal_error(CURLcode code)
  */
 static bool is_pkcs11_uri(const char *string)
 {
-  if(!strncmp(string, "pkcs11:", 7)) {
+  if(curl_strnequal(string, "pkcs11:", 7)) {
     return TRUE;
   }
   else {