diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index b2101559f..a2c85e322 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -8666,12 +8666,17 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
 } else {
 cert->ca = NULL;
 #ifndef NO_SKID
- if (cert->extAuthKeyIdSet)
+ if (cert->extAuthKeyIdSet) {
 cert->ca = GetCA(cm, cert->extAuthKeyId);
+ }
 if (cert->ca == NULL && cert->extSubjKeyIdSet \
 && verify != VERIFY_OCSP) {
 cert->ca = GetCA(cm, cert->extSubjKeyId);
 }
+ if (cert->ca != NULL && XMEMCMP(cert->issuerHash,
+ cert->ca->subjectNameHash, KEYID_SIZE) != 0) {
+ cert->ca = NULL;
+ }
 if (cert->ca == NULL)
 cert->ca = GetCAByName(cm, cert->issuerHash);
@@ -8766,6 +8771,10 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
 && verify != VERIFY_OCSP) {
 cert->ca = GetCA(cm, cert->extSubjKeyId);
 }
+ if (cert->ca != NULL && XMEMCMP(cert->issuerHash,
+ cert->ca->subjectNameHash, KEYID_SIZE) != 0) {
+ cert->ca = NULL;
+ }
 if (cert->ca == NULL)
 cert->ca = GetCAByName(cm, cert->issuerHash);
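Review bot: The added `XMEMCMP` block that resets `cert->ca` to NULL appears identically in both hunks and carries no comment saying why a CA found by key id is discarded, so the security reason is easy to lose in a later refactor. I would put `/* A key-id match alone is not enough: the CA's subject name must also equal this cert's issuer name, else fall back to lookup by name. */` above it in both places, or move the check into one small static helper called from each site. The length `KEYID_SIZE` is applied to two name-hash arrays whose declarations are outside this diff; confirm that both `issuerHash` and `subjectNameHash` are at least that long. ParseCertRelative begins and ends outside both hunks, so whatever verifies the signature after the fallback `GetCAByName` call is not visible here.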