diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index 6fb3dbe593e2..c5dda65ff4be 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -210,8 +210,16 @@ __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
                    &c->issuer, cc->derIssuer.len, cc->derIssuer.data);
     nssItem_Create(arena, 
                    &c->subject, cc->derSubject.len, cc->derSubject.data);
-    nssItem_Create(arena, 
-                   &c->serial, cc->serialNumber.len, cc->serialNumber.data);
+    if (PR_TRUE) {
+	/* CERTCertificate stores serial numbers decoded.  I need the DER
+	* here.  sigh.
+	*/
+	SECItem derSerial = { 0 };
+	CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
+	if (!derSerial.data) goto loser;
+	nssItem_Create(arena, &c->serial, derSerial.len, derSerial.data);
+	PORT_Free(derSerial.data);
+    }
     if (nickname) {
 	c->nickname = nssUTF8_Create(arena, 
                                      nssStringType_UTF8String, 
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 1af0f33178f1..a7a90b414495 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -1482,6 +1482,7 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
     CK_ATTRIBUTE *attrs;
     CK_RV crv;
     SECCertUsage *certUsage = NULL;
+    SECItem derSerial = { 0 };
 
     if (keyID == NULL) {
 	PORT_SetError(SEC_ERROR_ADDING_CERT);
@@ -1503,8 +1504,14 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
 					 cert->derSubject.len ); attrs++;
     PK11_SETATTRS(attrs,CKA_ISSUER, cert->derIssuer.data,
 					 cert->derIssuer.len ); attrs++;
-    PK11_SETATTRS(attrs,CKA_SERIAL_NUMBER, cert->serialNumber.data,
-					 cert->serialNumber.len); attrs++;
+    if (PR_TRUE) {
+	/* CERTCertificate stores serial numbers decoded.  I need the DER
+	* here.  sigh.
+	*/
+	CERT_SerialNumberFromDERCert(&cert->derCert, &derSerial);
+	PK11_SETATTRS(attrs,CKA_SERIAL_NUMBER, derSerial.data, derSerial.len); 
+	attrs++;
+    }
     PK11_SETATTRS(attrs,CKA_VALUE, cert->derCert.data, 
 						cert->derCert.len); attrs++;
     if (includeTrust && PK11_IsInternal(slot)) {
@@ -1577,6 +1584,7 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
     }
 
 done:
+    if (derSerial.data) PORT_Free(derSerial.data);
     SECITEM_FreeItem(keyID,PR_TRUE);
     PK11_RestoreROSession(slot,rwsession);
     if(certUsage) {