I use printf output some debug infomation on server error is below:accepting local ip:(null) tcp port:1081accept return 6 SSL_set_fd(ssl, new_normal_tcp_fd);success SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); passed SSL_accept failed return 0 253:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1054:SSL alert number 42 on client error is below :bind( slave_normal_tcp_fd, (struct sockaddr *)&mine, sizeof(struct sockaddr)); success connecting 192.168.1.203 port 1081 connect master successOpenSSL_add_all_algorithms(); passed SSL_load_error_strings(); passed SSL_CTX_set_cipher_list success SSL_CTX_load_verify_locations(ctx,CA_CERT_FILE_NAME,CA_CERT_FILE_PATH); success SSL_CTX_use_certificate_file(ctx,SLAVE_CERT_FILE, SSL_FILETYPE_PEM); success SSL_CTX_check_private_key success private key agrees with the public key SSL_set_fd(ssl, slave_normal_tcp_fd);success SSL_set_fd passed before SSL_connect a fatal error occurred 165:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:888: and my OpenSSL command line:build ca's key and self signed cert openssl genrsa -out cakey.pem 1024 openssl req -new -x509 -key cakey.pem -out cacert.pem -config openssl.cnf --------------------------------------------- build master's key and csr file 1.build key file openssl genrsa -out master.key 10242.build csr file openssl req -new -key master.key -out master.csr -------------------------------------------------- build slave's key and csr file openssl genrsa -out slave.key 1024 openssl req -new -key slave.key -out slave.csr-------------------------------------------------- sign master and slave's cert with use ca's key openssl ca -cert cacert.pem -keyfile cakey.pem -in master.csr -verbose -md md5 openssl ca -cert cacert.pem -keyfile cakey.pem -in slave.csr -verbose -md md5 -------------------------------------------------- in practice I use master and slave instead of server and client any error with my command line?