diff --git a/packages/connection-encrypter-tls/src/utils.ts b/packages/connection-encrypter-tls/src/utils.ts
index c3ea807f62..c0b6005932 100644
--- a/packages/connection-encrypter-tls/src/utils.ts
+++ b/packages/connection-encrypter-tls/src/utils.ts
@@ -153,8 +153,7 @@ export async function generateCertificate (peerId: PeerId): Promise<{ cert: stri
 }
 const selfCert = await x509.X509CertificateGenerator.createSelfSigned({
- serialNumber: uint8ArrayToString(crypto.getRandomValues(new Uint8Array(9)), 'base16'),
- name: '',
+ serialNumber: generateSerialNumber(),
 notBefore: new Date(now - CERT_VALIDITY_PERIOD_FROM),
 notAfter: new Date(now + CERT_VALIDITY_PERIOD_TO),
 signingAlgorithm: alg,
@@ -186,6 +185,19 @@ export async function generateCertificate (peerId: PeerId): Promise<{ cert: stri
 }
 }
+function generateSerialNumber (): string {
+ // HACK: serial numbers starting with 80 generated by @peculiar/x509 don't
+ // work with TLSSocket, remove when https://github.com/PeculiarVentures/x509/issues/74
+ // is resolved
+ while (true) {
+ const serialNumber = (Math.random() * Math.pow(2, 52)).toFixed(0)
+
+ if (!serialNumber.startsWith('80')) {
+ return serialNumber
+ }
+ }
+}
+
 /**
 * @see https://github.com/libp2p/specs/blob/master/tls/tls.md#libp2p-public-key-extension
 */
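Review bot: `generateSerialNumber` draws the serial from `Math.random()`, which is not a cryptographic source and yields at most 52 bits, whereas the line this commit removes used `crypto.getRandomValues` over 9 bytes. The retry loop for the `80` prefix works just as well with the original source, so the helper could keep it: `const serialNumber = uint8ArrayToString(crypto.getRandomValues(new Uint8Array(9)), 'base16')` followed by the same `startsWith('80')` check (assuming the `uint8ArrayToString` import is still present after this change). The value is also now a decimal string of varying length where the old one was fixed-width base16; whether the library parses it as hex, and whether other leading bytes with the high bit set hit the same TLSSocket problem, is not visible in this hunk and is worth confirming against the linked issue.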