diff --git a/openstackclient/image/v2/image.py b/openstackclient/image/v2/image.py
index b068ddafd1..029f57a3b1 100644
--- a/openstackclient/image/v2/image.py
+++ b/openstackclient/image/v2/image.py
@@ -440,8 +440,14 @@ class CreateImage(command.ShowOne):
                         prompt=("Please enter private key password, leave "
                                 "empty if none: "),
                         confirm=False)
+
                     if not pw or len(pw) < 1:
                         pw = None
+                    else:
+                        # load_private_key() requires the password to be
+                        # passed as bytes
+                        pw = pw.encode()
+
                     signer.load_private_key(
                         sign_key_path,
                         password=pw)
diff --git a/releasenotes/notes/fix-story-2007890-0974f3e69f26801e.yaml b/releasenotes/notes/fix-story-2007890-0974f3e69f26801e.yaml
new file mode 100644
index 0000000000..87d6f18bae
--- /dev/null
+++ b/releasenotes/notes/fix-story-2007890-0974f3e69f26801e.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    While uploading a signed image, a private key to sign that image must be
+    specified. The CLI client asks for the password of that private key. Due
+    to wrong encoding handling while using Python 3, the password is not
+    accepted, whether it is correct or not.