diff --git a/keystore/java/android/security/CertTool.java b/keystore/java/android/security/CertTool.java
index d1174ad2fcb9b..6caeb3ecaec29 100644
--- a/keystore/java/android/security/CertTool.java
+++ b/keystore/java/android/security/CertTool.java
@@ -163,15 +163,9 @@ public class CertTool {
 return ret;
 }
 }
- while ((pemData = this.popPkcs12CertificateStack(handle)) != null) {
- if (i++ > 0) {
- if ((ret = sKeystore.put(CA_CERTIFICATE, keyname + i, pemData)) != 0) {
- return ret;
- }
- } else {
- if ((ret = sKeystore.put(CA_CERTIFICATE, keyname, pemData)) != 0) {
- return ret;
- }
+ if ((pemData = this.popPkcs12CertificateStack(handle)) != null) {
+ if ((ret = sKeystore.put(CA_CERTIFICATE, keyname, pemData)) != 0) {
+ return ret;
 }
 }
 return 0;
diff --git a/keystore/jni/cert.c b/keystore/jni/cert.c
index 006a0a3512586..d5d57f7f146e5 100644
--- a/keystore/jni/cert.c
+++ b/keystore/jni/cert.c
@@ -212,13 +212,14 @@ static int convert_to_pem(void *data, int is_cert, char *buf, int size)
 }
 err:
 if (bio) BIO_free(bio);
- return (len == 0) ? -1 : 0;
+ return len;
 }
 int get_pkcs12_certificate(PKCS12_KEYSTORE *p12store, char *buf, int size)
 {
 if ((p12store != NULL) && (p12store->cert != NULL)) {
- return convert_to_pem((void*)p12store->cert, 1, buf, size);
+ int len = convert_to_pem((void*)p12store->cert, 1, buf, size);
+ return (len == 0) ? -1 : 0;
 }
 return -1;
 }
@@ -226,7 +227,8 @@ int get_pkcs12_certificate(PKCS12_KEYSTORE *p12store, char *buf, int size)
 int get_pkcs12_private_key(PKCS12_KEYSTORE *p12store, char *buf, int size)
 {
 if ((p12store != NULL) && (p12store->pkey != NULL)) {
- return convert_to_pem((void*)p12store->pkey, 0, buf, size);
+ int len = convert_to_pem((void*)p12store->pkey, 0, buf, size);
+ return (len == 0) ? -1 : 0;
 }
 return -1;
 }
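Review bot: When `popPkcs12CertificateStack(handle)` returns null, the new `if` is skipped and the method falls through to `return 0`, so a failed CA-chain export looks the same to the caller as a PKCS#12 file that carries no CA certificates. Judging from the cert.c changes in this commit, the whole chain now arrives as one concatenated PEM value under the single `keyname` entry, so one native-side failure would drop every CA certificate while the import still reports success; the JNI wrapper is not shown, so this is inferred. Consider returning an error for that case, or at least documenting it with `// null: no CA chain, or the native conversion failed; the chain is stored as one concatenated PEM value`. The counter `i` used by the removed loop may now be unused; its declaration and the start of the method are outside the hunk.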
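Review bot: The new callers test only `len == 0`, so a negative return from convert_to_pem would be reported as success by `get_pkcs12_certificate` here and by `get_pkcs12_private_key` in the next hunk. Whether convert_to_pem can return a negative value (an early error return, or a failed read stored in `len`) cannot be told from the hunk because its body starts above it; if it can, both wrappers should use `return (len <= 0) ? -1 : 0;`. The changed contract also deserves a comment above the function, for example `/* Returns the number of PEM bytes written to buf; 0 means failure. */`.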
@@ -234,12 +236,16 @@ int get_pkcs12_private_key(PKCS12_KEYSTORE *p12store, char *buf, int size)
 int pop_pkcs12_certs_stack(PKCS12_KEYSTORE *p12store, char *buf, int size)
 {
 X509 *cert = NULL;
+ int len = 0;
- if ((p12store != NULL) && (p12store->certs != NULL) &&
- ((cert = sk_X509_pop(p12store->certs)) != NULL)) {
- int ret = convert_to_pem((void*)cert, 1, buf, size);
- X509_free(cert);
- return ret;
+ if ((p12store != NULL) && (p12store->certs != NULL)) {
+ while (((cert = sk_X509_pop(p12store->certs)) != NULL) && (len < size)) {
+ int s = convert_to_pem((void*)cert, 1, buf + len, size - len);
+ if (s == 0) return -1;
+ len += s;
+ X509_free(cert);
+ }
+ return (len == 0) ? -1 : 0;
 }
 return -1;
 }
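Review bot: The early `if (s == 0) return -1;` inside the new loop returns before `X509_free(cert)`, so the popped certificate leaks whenever a conversion fails. The loop condition also pops a certificate before it tests `len < size`, so once the buffer is full one certificate is taken off the stack, never freed and never written, and the function still returns 0 with a shortened CA chain. A negative `s` would in addition move the write offset backwards, and a small `size - len` may cut a PEM block short; both depend on convert_to_pem, whose body is not shown. The rewrite below tests the space first, frees straight after the conversion, and fails when certificates are left on the stack instead of reporting a partial chain as success.

```c
    if ((p12store != NULL) && (p12store->certs != NULL)) {
        /* test the remaining space first so no certificate is popped and then dropped */
        while ((len < size) && ((cert = sk_X509_pop(p12store->certs)) != NULL)) {
            int s = convert_to_pem((void*)cert, 1, buf + len, size - len);
            X509_free(cert);            /* release before any early return */
            if (s <= 0) return -1;
            len += s;
        }
        /* anything left on the stack did not fit in buf: fail rather than store a partial chain */
        if (sk_X509_num(p12store->certs) > 0) return -1;
        /* … unchanged: final return of (len == 0) ? -1 : 0 … */
```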