diff --git a/src/ssl_load.c b/src/ssl_load.c
index ed96d4aa4..4a67913ed 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -4155,6 +4155,7 @@ static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx,
 byte *certData = NULL;
 word32 certDataLen = 0;
 word32 labelLen = 0;
+ int certFormat = 0;
 WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ex");
@@ -4163,13 +4164,13 @@ static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx,
 }
 ret = wc_CryptoCb_GetCert(devId, (const sword8 *)label,
- labelLen, id, idLen, &certData, &certDataLen, ctx->heap);
+ labelLen, id, idLen, &certData, &certDataLen, &certFormat, ctx->heap);
 if (ret != 0) {
 ret = WOLFSSL_FAILURE;
 goto exit;
 }
- ret = ProcessBuffer(ctx, certData, certDataLen, WOLFSSL_FILETYPE_ASN1,
+ ret = ProcessBuffer(ctx, certData, certDataLen, certFormat,
 CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
 exit:
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index a67fb4109..0d1d26738 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -1803,7 +1803,7 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
 #ifndef NO_CERTS
 int wc_CryptoCb_GetCert(int devId, const sword8 *label, word32 labelLen,
 const byte *id, word32 idLen, byte** out,
- word32* outSz, void *heap)
+ word32* outSz, int *format, void *heap)
 {
 int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
 CryptoCb* dev;
@@ -1821,6 +1821,7 @@ int wc_CryptoCb_GetCert(int devId, const sword8 *label, word32 labelLen,
 cryptoInfo.cert.heap = heap;
 cryptoInfo.cert.certDataOut = out;
 cryptoInfo.cert.certSz = outSz;
+ cryptoInfo.cert.certFormatOut = format;
 cryptoInfo.cert.heap = heap;
 ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c
index bbe292e86..26b2703c7 100644
--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
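Review bot: In `wolfSSL_CTX_use_certificate_ex` (src/ssl_load.c), `certFormat` starts at 0 (declared in the first hunk) and reaches `ProcessBuffer` unchanged whenever the callback returns success without writing `certFormatOut`, which is what any device callback written before this field existed will do. Before this change those callbacks were parsed as `WOLFSSL_FILETYPE_ASN1`; now they supply a value that, as far as I can tell, is neither known file type, so the load would presumably fail or depend on how `ProcessBuffer` treats an unknown format. Initialising to the previous behaviour keeps them working: `int certFormat = WOLFSSL_FILETYPE_ASN1;`. Because the device now selects how the returned buffer is parsed, it is also worth confirming that `ProcessBuffer` rejects anything other than the two supported formats. The function body starts and ends outside both hunks.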
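Review bot: The new `format` out-parameter of `wc_CryptoCb_GetCert` (wolfcrypt/src/cryptocb.c) is undocumented, and its contract is only implied elsewhere in the patch: `Pkcs11GetCert` NULL-checks `certFormatOut`, while this function forwards the pointer without saying whether NULL is allowed or what the caller sees when a callback never writes it. I would add a comment above the function such as `/* format: optional out; the callback sets it to CTC_FILETYPE_ASN1 or CTC_FILETYPE_PEM and leaves it untouched if it reports no format */`, with the same one-line note on the `certFormatOut` field and on the prototype in cryptocb.h. Separately, the second hunk's context shows `cryptoInfo.cert.heap = heap;` assigned twice; the duplicate predates this change but could be dropped while the block is being touched.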
@@ -4039,6 +4039,9 @@ static int Pkcs11GetCert(Pkcs11Session* session, wc_CryptoInfo* info) { *info->cert.certDataOut = certData; *info->cert.certSz = (word32)tmpl[0].ulValueLen; + if (info->cert.certFormatOut != NULL) { + *info->cert.certFormatOut = CTC_FILETYPE_ASN1; + } certData = NULL; exit: diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index fcc35d814..a8f19e304 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -456,6 +456,7 @@ typedef struct wc_CryptoInfo { word32 labelLen; byte **certDataOut; word32 *certSz; + int *certFormatOut; void *heap; } cert; #endif @@ -671,7 +672,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, #ifndef NO_CERTS WOLFSSL_LOCAL int wc_CryptoCb_GetCert(int devId, const sword8 *label, word32 labelLen, const byte *id, word32 idLen, byte** out, - word32* outSz, void *heap); + word32* outSz, int *format, void *heap); #endif #endif /* WOLF_CRYPTO_CB */
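Review bot: The hard-coded `CTC_FILETYPE_ASN1` in `Pkcs11GetCert` carries no comment saying why a binary encoding is always the right answer here, and the caller in ssl_load.c now relies on this value to choose the parser. Assuming `tmpl[0]` is the certificate object's `CKA_VALUE` (the template setup is not visible in the hunk), a short note above the assignment would do: `/* CKA_VALUE of an X.509 certificate object is the BER/DER encoding, never PEM */`. The function starts and ends outside the hunk.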