diff --git a/ChangeLog b/ChangeLog
index 13975519a..9c4c06408 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,6 +38,8 @@ Bugfix
      standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
    * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
      smaller than the hash length. (Closes ticket #41)
+   * If certificate serial is longer than 32 octets, serial number is now
+     appended with '....' after first 28 octets
 
 = Version 1.0.0 released on 2011-07-27
 Features
diff --git a/library/x509parse.c b/library/x509parse.c
index 631fe5530..e14a16391 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -2362,7 +2362,7 @@ int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
     n = size;
 
     nr = ( serial->len <= 32 )
-        ? serial->len  : 32;
+        ? serial->len  : 28;
 
     for( i = 0; i < nr; i++ )
     {
@@ -2371,6 +2371,12 @@ int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
         SAFE_SNPRINTF();
     }
 
+    if( nr != serial->len )
+    {
+        ret = snprintf( p, n, "...." );
+        SAFE_SNPRINTF();
+    }
+
     return( (int) ( size - n ) );
 }