diff --git a/src/cryptoki.cxx b/src/cryptoki.cxx index d182af0..164a6fa 100644 --- a/src/cryptoki.cxx +++ b/src/cryptoki.cxx @@ -244,10 +244,16 @@ namespace cryptoki { AttributeList attrs; attrs.push_back(Attribute(CKA_CLASS) .from(CKO_CERTIFICATE)); + attrs.push_back(Attribute(CKA_TOKEN).from(TRUE)); + attrs.push_back(Attribute(CKA_PRIVATE).from(FALSE)); + attrs.push_back(Attribute(CKA_MODIFIABLE).from(TRUE)); + attrs.push_back(Attribute(CKA_LABEL, label)); attrs.push_back(Attribute(CKA_CERTIFICATE_TYPE) .from(CKC_X_509)); - attrs.push_back(Attribute(CKA_LABEL, label)); attrs.push_back(Attribute(CKA_SUBJECT, cert.subjectDER())); + attrs.push_back(Attribute(CKA_ID, cert.id())); + attrs.push_back(Attribute(CKA_ISSUER, cert.issuerDER())); + attrs.push_back(Attribute(CKA_SERIAL_NUMBER, cert.serial())); attrs.push_back(Attribute(CKA_VALUE, cert.valueDER())); return create(attrs); } diff --git a/src/cryptoki.hxx b/src/cryptoki.hxx index a645c2d..2647026 100644 --- a/src/cryptoki.hxx +++ b/src/cryptoki.hxx @@ -114,7 +114,8 @@ namespace cryptoki { typedef std::vector AttributeTypeList; - struct Attribute { + class Attribute { + public: Attribute(CK_ATTRIBUTE_TYPE t = -1): type(t) {} Attribute(CK_ATTRIBUTE_TYPE t, const std::string& v): type(t), value(v) {} Attribute(CK_ATTRIBUTE& attr): diff --git a/src/openssl.hxx b/src/openssl.hxx index 9b97f41..529f2e0 100644 --- a/src/openssl.hxx +++ b/src/openssl.hxx 
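Review bot: `CKA_SERIAL_NUMBER` is filled from `cert.serial()`, while the neighbouring `CKA_SUBJECT` and `CKA_ISSUER` use the `...DER()` accessors. PKCS#11 defines this attribute as the DER encoding of the serial, tag and length included, and the serial accessor changed in src/openssl.hxx in this same commit (presumably `serial()`) returns only the content bytes. Another PKCS#11 consumer searching by issuer and serial would then likely miss the object, so either pass a DER-encoded serial here or add `// serial stored as raw INTEGER content, not DER` to mark the deviation as deliberate. Separately, `CKA_MODIFIABLE` is hard-coded to `TRUE` next to `CKA_PRIVATE` `FALSE`; unless attributes must change after creation, `attrs.push_back(Attribute(CKA_MODIFIABLE).from(FALSE));` is the tighter default for a certificate that is matched to its key by `CKA_ID`. The enclosing function starts above the hunk.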
@@ -272,12 +272,19 @@ namespace openssl { /* @bug http://albistechnologies.com reports: «could be a failure in openSSL: len too short by 1 if serial number starts with 00 ASN1_INTEGER* ser = - X509_get_serialNumber(_x509);» */ - ASN1_INTEGER* ser(X509_get_serialNumber(_x509)); - //! @todo requires memory free? - /*! @todo ser->type?!? http://albistechnologies.com prepends - tag and length in the first two char-fields. */ - return std::string((char*)ser->data, ser->length); + X509_get_serialNumber(_x509);» + @code + ASN1_INTEGER* ser(X509_get_serialNumber(_x509)); + return std::string((char*)ser->data, ser->length); + @endcode + - requires memory free? + - ser->type?!? http://albistechnologies.com prepends + tag and length in the first two char-fields. */ + unsigned char* c(0); + int len(i2d_X509(_x509, &c)); + std::string res((char*)c+15, c[14]); + OPENSSL_free(c); + return res; } //! Get id. std::string id() const {
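Review bot: The new body reads `c[14]` and copies from `c+15` without ever looking at `len`, so a failed `i2d_X509` (negative return, `c` still null) or an encoding shorter than 15 bytes is dereferenced, and a large `c[14]` copies heap bytes past the end of the buffer into the returned serial. The fixed offsets also only line up for a v3 certificate whose two outer SEQUENCE lengths use the two-byte long form and whose serial length fits in one length byte; a v1 certificate or a certificate under 256 bytes puts other data at those positions. Encoding just the serial and letting OpenSSL parse the header keeps the leading `00` the @bug comment is about without any hard-coded offset. The empty-string return on failure below is a stand-in for however this class normally reports errors, which is not visible here. The enclosing function starts above the hunk.

```cpp
// … unchanged: @bug comment block …
ASN1_INTEGER* ser(X509_get_serialNumber(_x509)); // internal pointer, not freed
unsigned char* c(0);
int len(i2d_ASN1_INTEGER(ser, &c)); // DER: tag, length, content
if (len<=0 || !c) return std::string(); // stand-in: use this class's error path
const unsigned char* p(c);
long plen(0);
int tag(0), cls(0);
std::string res;
if (!(ASN1_get_object(&p, &plen, &tag, &cls, len)&0x80)
    && tag==V_ASN1_INTEGER)
  res.assign((const char*)p, plen); // content only, leading 00 preserved
OPENSSL_free(c);
return res;
```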