diff --git a/CHANGES.md b/CHANGES.md
index 3ecdd5d99b..31e183f395 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1172,6 +1172,11 @@ OpenSSL 3.0
 
    *Martin Elshuber*
 
+ * `PKCS12_parse` now maintains the order of the parsed certificates
+   when outputting them via `*ca` (rather than reversing it).
+
+   *David von Oheimb*
+
 OpenSSL 1.1.1
 -------------
 
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index eaf6501c1c..4cbf4530ff 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -89,7 +89,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
         goto err;
     }
 
-    while ((x = sk_X509_pop(ocerts))) {
+    while ((x = sk_X509_shift(ocerts))) {
         if (pkey != NULL && *pkey != NULL
                 && cert != NULL && *cert == NULL) {
             ERR_set_mark();