diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index 5b43f07..0fa2290 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -277,13 +277,7 @@ WOLFTPM2_CSR* wolfTPM2_NewCSR(void)
             csr = NULL;
         }
         if (csr) {
-            /* Set version to 2 for self-signed certificates, 0 for regular CSRs per RFC2986 */
-            if (csr->req.selfSigned) {
-                csr->req.version = 2;
-            }
-            else {
-                csr->req.version = 0;
-            }
+            csr->req.version = 0; /* per RFC2986 : CSR version should be 0 */
         }
     }
     return csr;
@@ -7186,6 +7180,14 @@ int wolfTPM2_CSR_MakeAndSign_ex(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr,
         return BAD_FUNC_ARG;
     }
 
+    /* Set version to 2 for self-signed certificates, 0 for regular CSRs per RFC2986 */
+    if (selfSignCert) {
+        csr->req.version = 2;
+    }
+    else {
+        csr->req.version = 0;
+    }
+
     rc = CSR_KeySetup(dev, csr, key, &csrKey, sigType, devId);
     if (rc == 0) {
         rc = CSR_MakeAndSign(dev, csr, &csrKey, outFormat, out, outSz,