diff --git a/ChangeLog.d/fix-issue-x509-cert_write.txt b/ChangeLog.d/fix-issue-x509-cert_write.txt
new file mode 100644
index 000000000..7e1f31d2e
--- /dev/null
+++ b/ChangeLog.d/fix-issue-x509-cert_write.txt
@@ -0,0 +1,2 @@
+Bugfix
+   * Fix possible NULL dereference issue in X509 cert_write program if an entry in the san parameter is not separated by a colon.
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 5e0d608bc..19215c954 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -584,7 +584,7 @@ usage:
                 if ((subtype_value = strchr(q, ':')) != NULL) {
                     *subtype_value++ = '\0';
                 } else {
-                    mbedtls_printf("Invalid argument for option SAN: Entry should be seperated by a colon\n");
+                    mbedtls_printf("Invalid argument for option SAN: Entry should be separated by a colon\n");
                     goto usage;
                 }
                 if (strcmp(q, "RFC822") == 0) {