diff --git a/changes/27007-host-certificate-serial-display b/changes/27007-host-certificate-serial-display
new file mode 100644
index 0000000000..86173dff85
--- /dev/null
+++ b/changes/27007-host-certificate-serial-display
@@ -0,0 +1 @@
+Host certificates with serial numbers below 2^63 will display the decimal represntation of the serial number in addition to hex so that it is easier to match them up to what is displayed in the macOS keychain.
diff --git a/frontend/pages/hosts/details/modals/CertificateDetailsModal/CertificateDetailsModal.tsx b/frontend/pages/hosts/details/modals/CertificateDetailsModal/CertificateDetailsModal.tsx
index 31c607eaac..7c31398814 100644
--- a/frontend/pages/hosts/details/modals/CertificateDetailsModal/CertificateDetailsModal.tsx
+++ b/frontend/pages/hosts/details/modals/CertificateDetailsModal/CertificateDetailsModal.tsx
@@ -42,6 +42,21 @@ const CertificateDetailsModal = ({
signing_algorithm,
} = certificate;
+ let serialDecimal = "";
+ try {
+ if (serial) {
+ // Convert the serial number to decimal and display it if it is less than 2^63 to
+ // match keychain and openSSL display behavior
+ const serialParsed = BigInt(`0x${serial}`);
+ if (serialParsed < BigInt("0x8000000000000000")) {
+ serialDecimal = serialParsed.toString(10);
+ }
+ }
+ } catch (e) {
+ // The serial couldn't be converted to decimal but this is best effort so not a big deal
+ // since we will still show the original representation, whatever it was
+ }
+
const showSubjectSection = Boolean(
subjectCountry ||
subjectOrganization ||
@@ -184,11 +199,18 @@ const CertificateDetailsModal = ({
)}
{serial && (
)}
+ {serialDecimal && (
+
+ )}
)}