diff --git a/builtin/logical/pki/path_fetch.go b/builtin/logical/pki/path_fetch.go
index 13c044720a..c18c73a1ce 100644
--- a/builtin/logical/pki/path_fetch.go
+++ b/builtin/logical/pki/path_fetch.go
@@ -361,7 +361,9 @@ func (b *backend) pathFetchRead(ctx context.Context, req *logical.Request, data
 			contentType = "application/pem-certificate-chain"
 		}
 	default:
-		serial = data.Get("serial").(string)
+		if ser, ok := data.GetOk("serial"); ok {
+			serial = ser.(string)
+		}
 		pemType = "CERTIFICATE"
 	}
 	if len(serial) == 0 {
diff --git a/changelog/27681.txt b/changelog/27681.txt
new file mode 100644
index 0000000000..13f5f829d5
--- /dev/null
+++ b/changelog/27681.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: fix lack of serial number to a certificate read resulting in a server side error.
+```
\ No newline at end of file