diff --git a/src/x509.c b/src/x509.c
index ea8c688e04..e801dbf1f7 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -6022,7 +6022,7 @@ WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
 *rawAttr = x509->rawAttr;
 *rawAttrLen = x509->rawAttrLen;
- return 0;
+ return WOLFSSL_SUCCESS;
 }
 #endif /* if WOLFSSL_ACERT*/
@@ -7435,31 +7435,39 @@ static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509,
 return WOLFSSL_SUCCESS;
 }
-/* Write X509 ACERT serial number in unsigned binary to buffer.
- * Buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases.
+/* Retrieve the serial number from an ACERT.
 *
- * Returns WOLFSSL_SUCCESS on success
- * */
+ * @param [in] x509 the x509 attribute certificate
+ * @param [in, out] buf the serial number buffer pointer
+ * @param [in, out] bufSz the serial number buffer size pointer
+ *
+ * buf may be null, but bufSz is required. On success, sets
+ * bufSz pointer to signature length, and copies signature
+ * to buf if provided.
+ *
+ * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small.
+ * Returns WOLFSSL_SUCCESS on success.
+ */
 int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
- byte* in, int* inOutSz)
+ byte* buf, int* bufSz)
 {
 WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number");
- if (x509 == NULL || inOutSz == NULL) {
+ if (x509 == NULL || bufSz == NULL) {
 WOLFSSL_MSG("error: null argument passed in");
 return BAD_FUNC_ARG;
 }
- if (in != NULL) {
- if (*inOutSz < x509->serialSz) {
+ if (buf != NULL) {
+ if (*bufSz < x509->serialSz) {
 WOLFSSL_MSG("error: serial buffer too small");
 return BUFFER_E;
 }
- XMEMCPY(in, x509->serial, x509->serialSz);
+ XMEMCPY(buf, x509->serial, x509->serialSz);
 }
- *inOutSz = x509->serialSz;
+ *bufSz = x509->serialSz;
 return WOLFSSL_SUCCESS;
 }
diff --git a/tests/api.c b/tests/api.c
index 4dc8949faf..5d62c32e3a 100644
--- a/tests/api.c
+++ b/tests/api.c
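Review bot: The success value of `wolfSSL_X509_ACERT_get_attr_buf` changes from `0` to `WOLFSSL_SUCCESS` in the first hunk, and nothing visible there tells existing callers of this `WOLFSSL_API` function about the new convention. Assuming `WOLFSSL_SUCCESS` is non-zero, a caller that still treats `rc != 0` as failure would now reject a successful call and never use the returned attribute buffer. The `ExpectIntEQ(rc, 0)` to `SSL_SUCCESS` edit in tests/api.c shows callers do need updating. The function's header comment and its error returns lie outside the hunk; if the header does not already state the convention, I would add `* Returns WOLFSSL_SUCCESS on success.` together with the error code the early exits return.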
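Review bot: The new header comment on `wolfSSL_X509_ACERT_get_serial_number` documents a return code the body never produces: it names `WWOLFSSL_FATAL_ERROR` (also misspelled) for a null or undersized `bufSz`, while the code returns `BAD_FUNC_ARG` when `x509` or `bufSz` is null and `BUFFER_E` when `*bufSz < x509->serialSz`. A caller that follows the comment and checks only for the documented code would miss both failures and go on to use a `buf` that was never written. The comment also says "signature" twice where the serial number is meant, and drops the old guidance that the buffer should hold `EXTERNAL_SERIAL_SIZE` (32) bytes. I would replace the return lines with `* Returns BAD_FUNC_ARG if x509 or bufSz is null.` and `* Returns BUFFER_E if buf is non-null and *bufSz is smaller than the serial.`, and change "signature" to "serial number".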
@@ -13612,6 +13612,8 @@ static int test_wolfSSL_X509_ACERT_misc_api(void)
 word32 attr_len = 0;
 size_t i = 0;
 int buf_len = 0;
+ byte serial[32];
+ int serial_len = sizeof(serial);
 for (i = 0; i < 2; ++i) {
 const char * acert_file = acerts[i];
@@ -13648,9 +13650,17 @@ static int test_wolfSSL_X509_ACERT_misc_api(void)
 ExpectIntEQ(nid, NID_sha256WithRSAEncryption);
 }
+ rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len);
+ ExpectIntEQ(rc, SSL_SUCCESS);
+ ExpectIntEQ(serial_len, 1);
+
+ rc = wolfSSL_X509_ACERT_get_serial_number(x509, NULL, &serial_len);
+ ExpectIntEQ(rc, SSL_SUCCESS);
+ ExpectIntEQ(serial_len, 1);
+
 /* This cert has a 237 byte attributes field. */
 rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len);
- ExpectIntEQ(rc, 0);
+ ExpectIntEQ(rc, SSL_SUCCESS);
 ExpectNotNull(raw_attr);
 ExpectIntEQ(attr_len, 237);
@@ -13683,6 +13693,9 @@ static int test_wolfSSL_X509_ACERT_misc_api(void)
 ExpectIntEQ(rc, SSL_SUCCESS);
 ExpectIntEQ(buf_len, 256);
+ rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, NULL);
+ ExpectIntEQ(rc, BAD_FUNC_ARG);
+
 rc = X509_ACERT_print(bp, NULL);
 ExpectIntEQ(rc, WOLFSSL_FAILURE);
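Review bot: `serial_len` is an in/out argument but is set to `sizeof(serial)` only once, at its declaration in the first hunk, so after the first successful call it holds the serial length (1) rather than the buffer capacity. If the calls in the second hunk run inside the `for (i = 0; i < 2; ++i)` loop (its body is not fully visible), the second iteration passes a 1-byte capacity and succeeds only because the test certificates appear to have 1-byte serials. I would put `serial_len = sizeof(serial);` before each call that passes `serial`. The new cases also never reach the `BUFFER_E` branch or check the copied bytes; `serial_len = 0;` followed by the call with `serial` and `ExpectIntEQ(rc, BUFFER_E);` would cover the bounds check. Separately, `byte serial[32]` could be sized with `EXTERNAL_SERIAL_SIZE` instead of the literal.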