diff --git a/include/zephyr/net/tls_credentials.h b/include/zephyr/net/tls_credentials.h
index 6477543f404201..2804df061018e1 100644
--- a/include/zephyr/net/tls_credentials.h
+++ b/include/zephyr/net/tls_credentials.h
@@ -107,6 +107,7 @@ int tls_credential_add(sec_tag_t tag, enum tls_credential_type type,
 * @retval -EACCES Access to the TLS credential subsystem was denied.
 * @retval -ENOENT Requested TLS credential was not found.
 * @retval -EFBIG Requested TLS credential does not fit in the buffer provided.
+ * Check *credlen for size required.
 */
 int tls_credential_get(sec_tag_t tag, enum tls_credential_type type, void *cred, size_t *credlen);
diff --git a/subsys/net/lib/tls_credentials/tls_credentials.c b/subsys/net/lib/tls_credentials/tls_credentials.c
index 94f4d9c5cd5a90..2836c8b20c2a7e 100644
--- a/subsys/net/lib/tls_credentials/tls_credentials.c
+++ b/subsys/net/lib/tls_credentials/tls_credentials.c
@@ -11,6 +11,11 @@
 #include "tls_internal.h"
 #include "tls_credentials_digest_raw.h"
+#include
+
+LOG_MODULE_DECLARE(tls_credentials,
+ CONFIG_TLS_CREDENTIALS_LOG_LEVEL);
+
 /* Global pool of credentials shared among TLS contexts. */
 static struct tls_credential credentials[CONFIG_TLS_MAX_CREDENTIALS_NUMBER];
@@ -158,11 +163,18 @@ int tls_credential_get(sec_tag_t tag, enum tls_credential_type type,
 credential = credential_get(tag, type);
 if (credential == NULL) {
 ret = -ENOENT;
+ *credlen = 0;
 goto exit;
 }
 if (credential->len > *credlen) {
 ret = -EFBIG;
+ LOG_DBG("Not enough room in the credential buffer to "
+ "retrieve credential with sectag %d and type %d. "
+ "Increase TLS_CREDENTIALS_SHELL_MAX_CRED_LEN "
+ ">= %d.\n",
+ tag, (int)type, (int)credential->len);
+ *credlen = credential->len;
 goto exit;
 }
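Review bot: The added sentence documents only the -EFBIG half of the new out-parameter behaviour; the same commit also writes `*credlen = 0` on the -ENOENT path in tls_credentials.c, and the header does not say so. I would extend the -ENOENT entry with `*credlen is set to 0.` and state in the `credlen` parameter description that after -EFBIG the value is the required size, not a count of bytes written to `cred`. Whether the -EACCES path leaves `*credlen` untouched is not visible in this diff and should be spelled out as well, so that callers know when the value can be trusted.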
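Review bot: On the -EFBIG path `*credlen` now comes back larger than the buffer the caller supplied (and 0 on -ENOENT), so an existing caller that reuses the same variable as its buffer capacity or as the copied length after a failed call would work with a size its buffer does not have; the callers are outside this diff and should be audited. The debug message names `TLS_CREDENTIALS_SHELL_MAX_CRED_LEN`, a shell option, although this function is the generic backend, and it ends in `\n`, which I believe Zephyr's logger does not need. If `len` is a `size_t`, as the comparison with `*credlen` suggests, I would print it without the narrowing cast: `LOG_DBG("Credential (sectag %d, type %d) needs %zu bytes", tag, (int)type, credential->len);`. The function body starts and ends outside the hunk, so I cannot see whether `credlen` is checked for NULL before these new writes.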