diff --git a/cmake/JSSTests.cmake b/cmake/JSSTests.cmake
index 5010eb9f3..2d6091786 100644
--- a/cmake/JSSTests.cmake
+++ b/cmake/JSSTests.cmake
@@ -186,6 +186,11 @@ macro(jss_tests)
 COMMAND "pk12util" "-o" "${RESULTS_NSSDB_OUTPUT_DIR}/dss.pfx" "-n" "CA_DSS" "-d" "${RESULTS_NSSDB_OUTPUT_DIR}" "-K" "${DB_PWD}" "-W" "${DB_PWD}"
 DEPENDS "Generate_known_DSS_cert_pair"
 )
+ jss_test_java(
+ NAME "Netscape_Security_PKCS10"
+ COMMAND "org.mozilla.jss.tests.PKCS10Test"
+ DEPENDS "Setup_DBs"
+ )
 jss_test_java(
 NAME "List_CA_certs"
 COMMAND "org.mozilla.jss.tests.ListCACerts" "${RESULTS_NSSDB_OUTPUT_DIR}" "Verbose"
@@ -264,12 +269,12 @@ macro(jss_tests)
 jss_test_java(
 NAME "KeyStoreTest"
 COMMAND "org.mozilla.jss.tests.KeyStoreTest" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" getAliases
- DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth"
+ DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth" "Netscape_Security_PKCS10"
 )
 jss_test_java(
 NAME "JSSProvider"
 COMMAND "org.mozilla.jss.tests.JSSProvider" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
- DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth"
+ DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth" "Netscape_Security_PKCS10"
 )
 jss_test_java(
 NAME "SSLEngine_RSA"
diff --git a/org/mozilla/jss/netscape/security/pkcs/PKCS10.java b/org/mozilla/jss/netscape/security/pkcs/PKCS10.java
index f64d4a40b..d4970f36a 100644
--- a/org/mozilla/jss/netscape/security/pkcs/PKCS10.java
+++ b/org/mozilla/jss/netscape/security/pkcs/PKCS10.java
@@ -157,13 +157,10 @@ public PKCS10(byte data[], boolean sigver) // // Inner sequence: version, name, key, attributes // - @SuppressWarnings("unused") - BigInt serial = seq[0].data.getInteger(); // consume serial - - /* - if (serial.toInt () != 0) - throw new IllegalArgumentException ("not PKCS #10 v1"); - */ + BigInt version = seq[0].data.getInteger(); // consume version number + if (version.toInt() != 0) { + throw new IllegalArgumentException ("unknown version: not PKCS #10 v1: " + version); + } subject = new X500Name(seq[0].data); msg = "Request Subject: " + subject + ": ";
diff --git a/org/mozilla/jss/netscape/security/provider/RSAPublicKey.java b/org/mozilla/jss/netscape/security/provider/RSAPublicKey.java
index 2c5886acb..debc6f19e 100644
--- a/org/mozilla/jss/netscape/security/provider/RSAPublicKey.java
+++ b/org/mozilla/jss/netscape/security/provider/RSAPublicKey.java
@@ -19,6 +19,7 @@ import java.io.IOException; import java.io.Serializable; +import java.math.BigInteger; import java.security.InvalidKeyException; import org.mozilla.jss.netscape.security.util.BigInt;
@@ -64,6 +65,14 @@ in bits (redundant!) public RSAPublicKey() { } + /* + * Make a RSA public key out of a public exponent and modulus + * in the standard classes (BigInteger). + */ + public RSAPublicKey(BigInteger modulus, BigInteger exponent) throws InvalidKeyException { + this(new BigInt(modulus), new BigInt(exponent)); + } + /** * Make a RSA public key out of a public exponent and modulus */
diff --git a/org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java b/org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java
index 3ae767793..d454583ee 100644
--- a/org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java
+++ b/org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java
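Review bot: In the `PKCS10(byte data[], boolean sigver)` constructor of PKCS10.java, the new version check compares `version.toInt()`, so the DER INTEGER read from the request is narrowed to `int` before it is tested, and a rejected request surfaces as an unchecked `IllegalArgumentException`. `BigInt.toInt()` is defined outside this diff; if it throws on values that do not fit an `int`, code that parses requests from untrusted clients sees a second unchecked exception type, and if it truncates, an oversized version could compare equal to 0. Either way the constructor's Javadoc should state the contract, for example `@throws IllegalArgumentException if the request's version field is not 0 (PKCS #10 v1)`, so callers know to catch it. A negative test that feeds a request with a nonzero version would pin the behaviour. The constructor begins and ends outside this hunk.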
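Review bot: The comment on the new `RSAPublicKey(BigInteger modulus, BigInteger exponent)` constructor in RSAPublicKey.java opens with `/*`, so unlike the `/**` comment on the constructor below it is not treated as Javadoc, and it lists the arguments as "public exponent and modulus" while the signature takes the modulus first. Both parameters have the same type, so a caller who follows the comment's order swaps them without a compile error and builds a different key. I would write it as `/** Make an RSA public key from a java.math.BigInteger modulus and public exponent. */` with `@param modulus`, `@param exponent` and `@throws InvalidKeyException` lines. Null arguments are passed straight to `new BigInt(...)`; whether that is rejected cleanly depends on code outside this diff.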
@@ -125,6 +125,12 @@ public void generate(int keyBits) if (publicKey instanceof X509Key) { this.publicKey = (X509Key) publicKey; + } else if (publicKey instanceof java.security.interfaces.RSAPublicKey) { + java.security.interfaces.RSAPublicKey rsa = (java.security.interfaces.RSAPublicKey) publicKey; + this.publicKey = new org.mozilla.jss.netscape.security.provider.RSAPublicKey( + rsa.getModulus(), + rsa.getPublicExponent() + ); } else { throw new InvalidKeyException("public key " + publicKey + " not an X509Key.");
diff --git a/org/mozilla/jss/tests/PKCS10Test.java b/org/mozilla/jss/tests/PKCS10Test.java
new file mode 100644
index 000000000..d683ed931
--- /dev/null
+++ b/org/mozilla/jss/tests/PKCS10Test.java
@@ -0,0 +1,20 @@
+package org.mozilla.jss.tests;
+
+import java.security.PublicKey;
+import java.security.KeyPair;
+import java.security.interfaces.*;
+
+import org.mozilla.jss.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.netscape.security.pkcs.*;
+import org.mozilla.jss.netscape.security.x509.*;
+
+public class PKCS10Test {
+ public static void main(String[] args) throws Exception {
+ CryptoManager cm = CryptoManager.getInstance();
+
+ CertAndKeyGen ckg = new CertAndKeyGen("RSA", "SHA256withRSA");
+ ckg.generate(4096);
+ PKCS10 csr = ckg.getCertRequest(new X500Name("CN=localhost"));
+ }
+}
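Review bot: The fallback `else` branch in `generate(int keyBits)` of CertAndKeyGen.java still reports "not an X509Key" although this change adds a second accepted key type, so a provider key of any other kind now gets a message that no longer describes the check. Suggest `throw new InvalidKeyException("public key " + publicKey + " is neither an X509Key nor an RSA public key.");`. The new branch also deserves a one-line comment such as `// provider key is not an X509Key: rebuild it as the JSS RSAPublicKey from modulus and public exponent`, since the two fully qualified `RSAPublicKey` names differ only by package and are easy to misread. `generate` begins and ends outside this hunk.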
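Review bot: `PKCS10Test.main` asserts nothing: `csr` and `cm` are never read, so the test passes whenever key generation and `getCertRequest` do not throw, and the version check this commit adds to the `PKCS10(byte data[], boolean sigver)` parser is never executed. Feeding the encoded request back through that constructor, for example `PKCS10 parsed = new PKCS10(encoded, true);` with `encoded` being the DER bytes of `csr`, and comparing the parsed subject with `CN=localhost` would cover the accept path. A second case with the version field altered to a nonzero value, expecting `IllegalArgumentException`, would cover the reject path. The imports `java.security.PublicKey`, `java.security.KeyPair` and `java.security.interfaces.*` are unused in the file as shown and can be dropped.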