diff --git a/.gitignore b/.gitignore
index 9ef608923..ebfc8c475 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,6 +52,8 @@ othercert.der
 othercert.pem
 key.der
 key.pem
+certreq.der
+certreq.pem
 diff
 sslSniffer/sslSnifferTest/tracefile.txt
 *.gz
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 14210b593..2b12844d6 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -4625,7 +4625,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
     XMEMSET(der, 0, sizeof(DerCert));
 
     /* version */
-    der->versionSz = SetMyVersion(0, der->version, FALSE);
+    der->versionSz = SetMyVersion(cert->version, der->version, FALSE);
 
     /* subject name */
     der->subjectSz = SetName(der->subject, &cert->subject);
diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c
index b213ddd39..b8c7261b4 100644
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -3043,6 +3043,80 @@ int rsa_test(void)
         FreeRsaKey(&caKey);
     }
 #endif /* HAVE_NTRU */
+#ifdef CYASSL_CERT_REQ
+    {
+        RsaKey      caKey;
+        Cert        myCert;
+        byte*       derCert;
+        byte*       pem;
+        FILE*       ioFile;
+        int         certSz;
+        int         pemSz;
+        word32      idx3 = 0;
+
+        derCert = (byte*)malloc(FOURK_BUF);
+        if (derCert == NULL)
+            return -463;
+        pem = (byte*)malloc(FOURK_BUF);
+        if (pem == NULL)
+            return -464;
+
+        ioFile = fopen(caKeyFile, "rb");
+
+        if (!ioFile)
+            return -465;
+
+        pemSz = (int)fread(pem, 1, FOURK_BUF, ioFile);
+        fclose(ioFile);
+
+        InitRsaKey(&caKey, 0);
+        ret = RsaPrivateKeyDecode(pem, &idx3, &caKey, (word32)pemSz);
+        if (ret != 0)
+            return -466;
+
+        InitCert(&myCert);
+
+        myCert.version = 0;
+        strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
+        strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
+        strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
+        strncpy(myCert.subject.org, "yaSSL", CTC_NAME_SIZE);
+        strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
+        strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
+        strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
+        myCert.sigType = CTC_SHA256wRSA;
+
+        certSz = MakeCertReq(&myCert, derCert, FOURK_BUF, &key, NULL);
+        if (certSz < 0)
+            return -467;
+
+        certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF,
+                          &caKey, NULL, &rng);
+        if (certSz < 0)
+            return -468;
+
+        ioFile = fopen("./certreq.der", "wb");
+        if (!ioFile)
+            return -469;
+
+        ret = (int)fwrite(derCert, certSz, 1, ioFile);
+        fclose(ioFile);
+
+        pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERTREQ_TYPE);
+        if (pemSz < 0)
+            return -470;
+
+        ioFile = fopen("./certreq.pem", "wb");
+        if (!ioFile)
+            return -471;
+        ret = (int)fwrite(pem, pemSz, 1, ioFile);
+        fclose(ioFile);
+
+        free(pem);
+        free(derCert);
+        FreeRsaKey(&caKey);
+    }
+#endif /* CYASSL_CERT_REQ */
 #endif /* CYASSL_CERT_GEN */
 
     FreeRsaKey(&key);