diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index e46a2ee9c..afef62ff1 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -8201,6 +8201,7 @@ int rsa_test(void)
     /* self signed */
     {
         Cert        myCert;
+        const byte  mySerial[8] = {1,2,3,4,5,6,7,8};
     #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
         FILE*       derFile;
         FILE*       pemFile;
@@ -8231,6 +8232,8 @@ int rsa_test(void)
         XSTRNCPY(myCert.subject.unit, "Development", CTC_NAME_SIZE);
         XSTRNCPY(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
         XSTRNCPY(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
+        XMEMCPY(myCert.serial, mySerial, sizeof(mySerial));
+        myCert.serialSz = (int)sizeof(mySerial);
         myCert.isCA    = 1;
         myCert.sigType = CTC_SHA256wRSA;
 
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 77feeee2b..0e428942b 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -99,7 +99,7 @@ enum Ctc_Misc {
     CTC_NAME_SIZE     =    64,
     CTC_DATE_SIZE     =    32,
     CTC_MAX_ALT_SIZE  = 16384,   /* may be huge */
-    CTC_SERIAL_SIZE   =    20,
+    CTC_SERIAL_SIZE   =    16,
 #ifdef WOLFSSL_CERT_EXT
     /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum
      * We support only hash */