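> Are you looking at the client or server logs? Is TLS certificate verification
> configured on the client side, or just opportunistic unauthenticated TLS?

I was looking at both sides of the logs, but only expecting the client to show TRUSTED. BTW, the link you shared on Forward Secrecy was great to receive!

> What is the client TLS security level?

I was using "may" and then "encrypt", but learned I should have been using "verify" since this shows more information in the log files!

The root cause of my woes was that the server system was missing a certificate from GoDaddy. I would have sworn that I had them all, but I did not. GoDaddy gives you different bundles of certificates depending on what application you select on their web site. I ended up extracting them to separate files and calculating fingerprints, and for one I had to convert to PEM from another format.

# openssl x509 -in gd-g2_iis_intermediates.pem -noout -fingerprint -sha1
SHA1 Fingerprint=27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8

# openssl pkcs7 -print_certs -in gd-g2_iis_intermediates.p7b -out gd-g2_iis_intermediates.pem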
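
Added example, not part of the original message: one way to find which certificate from a vendor bundle is absent from the installed chain file, by computing for every certificate in each PEM file the same SHA-1 fingerprint that `openssl x509 -fingerprint -sha1` prints. The function names and the two sample bundles are assumptions; the samples hold constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

# Matches each certificate block; the "subject=" / "issuer=" lines that
# `openssl pkcs7 -print_certs` writes between blocks are skipped.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def bundle_fingerprints(pem_text):
    """SHA-1 fingerprint of every certificate in a PEM bundle, in the
    colon-separated upper-case form openssl prints."""
    prints = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # PEM body -> DER bytes
        digest = hashlib.sha1(der).hexdigest().upper()
        prints.append(":".join(digest[i:i + 2] for i in range(0, 40, 2)))
    return prints


def missing_from(installed_pem, vendor_pem):
    """Fingerprints in the vendor bundle that the installed chain lacks."""
    have = set(bundle_fingerprints(installed_pem))
    return [fp for fp in bundle_fingerprints(vendor_pem) if fp not in have]


def _pem(der):
    """Wrap raw bytes in PEM certificate armor (helper for the sample data)."""
    b64 = base64.b64encode(der).decode()
    return ("-----BEGIN CERTIFICATE-----\n" + b64 +
            "\n-----END CERTIFICATE-----\n")


# Constructed stand-ins: placeholder bytes, not real certificates.
VENDOR_BUNDLE = _pem(b"abc") + "subject=constructed\n" + _pem(b"constructed intermediate")
INSTALLED_CHAIN = _pem(b"abc")

if __name__ == "__main__":
    for fp in missing_from(INSTALLED_CHAIN, VENDOR_BUNDLE):
        print("missing from installed chain: SHA1 Fingerprint=" + fp)
```

With real files, read the server's chain file and each downloaded bundle as text and pass them to `missing_from`.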
I was looking at both side of logs, but only expecting the client to show TRUSTED. BTW, the link you shared on Forward Secrecy was great to receive! > What is the client TLS security level? I was using "may" and then "encrypt", but learned I should have been using "verify" since this shows more information in the log files! The root cause of my woes was the server system was missing a certificate from GoDaddy. I would have sworn that I had them all, but I did not. GoDaddy gives you different bundles of certificates depending on what application you select on their web site. I ended up extracting them to separate files and calculating fngerprints and for one I had to convert to PEM from another format. # openssl x509 -in gd-g2_iis_intermediates.pem -noout -fingerprint -sha1 SHA1 Fingerprint=27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 # openssl pkcs7 -print_certs -in gd-g2_iis_intermediates.p7b -out gd-g2_iis_intermediates.pem