openssl s_client -showcerts -connect mydomain.net:10443 -state -debug
verify error:num=20:unable to get local issuer certificate
No client certificate CA names sent
Verify return code: 21 (unable to verify the first certificate)
I am using a *.domain.net wildcard cert that utilizes the same domain for an https webportal
The interesting aspect of this is that when using the browser to navigate to the https:server.mydoamin.net:port. The browser will prompt about what cert to use and after this it will continue to work fine until that setting expires.
Is anyone having these negotiation issues?