diff --git a/lib/http.js b/lib/http.js
index 7143224e..dfa0273c 100644
--- a/lib/http.js
+++ b/lib/http.js
@@ -10,10 +10,16 @@ import {getDocumentStore} from './helpers.js';
 import {issue} from './issuer.js';
 import {issueCredentialBody} from '../schemas/bedrock-vc-issuer.js';
 import {logger} from './logger.js';
+import {serializeError} from 'serialize-error';
 import {createValidateMiddleware as validate} from '@bedrock/validation';

 const {util: {BedrockError}} = bedrock;

+const ALLOWED_ERROR_KEYS = [
+ 'message', 'name', 'type', 'data', 'errors', 'error', 'details', 'cause',
+ 'status'
+];
+
 // FIXME: remove and apply at top-level application
 bedrock.events.on('bedrock-express.configure.bodyParser', app => {
 app.use(bodyParser.json({
@@ -147,25 +153,26 @@ function _throwWrappedError({cause}) {
 }

 function _stripStackTrace(error) {
- // copy error data
- const stripped = {...error};
- if(error.name) {
- stripped.name = error.name;
- }
- if(error.message) {
- stripped.message = error.message;
+ // serialize error and allow-list specific properties
+ const serialized = serializeError(error);
+ const _error = {};
+ for(const key of ALLOWED_ERROR_KEYS) {
+ if(serialized[key] !== undefined) {
+ _error[key] = serialized[key];
+ }
 }
- // remove stack
- delete stripped.stack;
 // strip other potential stack data
- if(stripped.errors) {
- stripped.errors = stripped.errors.map(_stripStackTrace);
+ if(_error.errors) {
+ _error.errors = _error.errors.map(_stripStackTrace);
+ }
+ if(Array.isArray(_error.details?.errors)) {
+ _error.details.errors = _error.details.errors.map(_stripStackTrace);
 }
- if(stripped.cause) {
- stripped.cause = _stripStackTrace(stripped.cause);
+ if(_error.cause) {
+ _error.cause = _stripStackTrace(_error.cause);
 }
- if(stripped.details?.cause) {
- stripped.details.cause = _stripStackTrace(stripped.details.cause);
+ if(_error.details?.cause) {
+ _error.details.cause = _stripStackTrace(_error.details.cause);
 }
- return stripped;
+ return _error;
 }
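Review bot: `ALLOWED_ERROR_KEYS` in the first lib/http.js hunk has no comment saying what it gates, although it now decides which error fields survive sanitisation. I would add above it `// top-level properties _stripStackTrace() keeps from a serialized error; anything not listed, including stack, is dropped`. It would also help to note there that `data`, `details` and `error` are containers whose contents are copied as-is, so a reader extending the list knows that adding a key exposes everything beneath it.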
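Review bot: In `_stripStackTrace` the allow-list is applied only to top-level keys, so whatever sits under `error`, `data`, or a `details` field other than `cause`/`errors` is copied exactly as serialized. As far as I know serialize-error turns nested Error objects into plain objects that still carry `stack`, so a wrapped error stored under `error` (allow-listed but never recursed) would keep its trace. Recursing there covers the obvious case: `if(_error.error && typeof _error.error === 'object') { _error.error = _stripStackTrace(_error.error); }`; whether `data` needs the same treatment depends on what callers put in it, which this hunk does not show. Separately, `if(_error.errors)` still calls `.map` on any truthy value while the new `details.errors` branch checks `Array.isArray`; using the same guard on both avoids a TypeError thrown from inside the error path.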
diff --git a/package.json b/package.json
index c5adef41..317d2e6c 100644
--- a/package.json
+++ b/package.json
@@ -52,6 +52,7 @@
 "cors": "^2.8.5",
 "klona": "^2.0.6",
 "lru-cache": "^6.0.0",
+ "serialize-error": "^11.0.3",
 "uuid": "^10.0.0"
 },
 "peerDependencies": {