The bad_certificate alert (TLS alert code 42) is sent when one side of the TLS connection receives a certificate that it considers structurally invalid. This differs from trust-related errors (like unknown_ca) — bad_certificate means the certificate itself is malformed: it might have an invalid encoding, a corrupt signature, unsupported extensions, or other structural problems that prevent it from being parsed and validated. This alert can apply to either the server certificate (sent by the server) or a client certificate (sent during mutual TLS). It indicates a fundamental problem with the certificate data, not just a trust relationship.
The certificate file on the server was corrupted during transfer, editing, or storage. PEM files are Base64-encoded and any stray characters, missing lines, or encoding issues will make the certificate unparseable.
The server is configured with a certificate that does not correspond to the private key being used. The TLS library cannot construct valid handshake messages when the key does not match the certificate, and some implementations signal this as bad_certificate.
The certificate may be in DER format when the server expects PEM, or it may use cryptographic algorithms or extensions that the TLS implementation does not support.
Parse the certificate file with openssl to check for encoding errors. If this command fails, the certificate file is corrupt or in the wrong format.
openssl x509 -in cert.pem -noout -text
Compare the modulus (for RSA) or public key of the certificate and private key. They must produce the same hash — if they differ, you have a mismatch.
diff <(openssl x509 -noout -modulus -in cert.pem | openssl md5) <(openssl rsa -noout -modulus -in key.pem | openssl md5)
If the certificate file is corrupt, re-download it from your CA's portal or re-export it from the source. Ensure you use the correct PEM format with proper BEGIN/END markers.
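The two diagnosis checks above, combined into one script, as an added example that is not part of the original article: it verifies the PEM markers, parses both files, and compares the full public key rather than the RSA modulus, so it also covers ECDSA and Ed25519 certificates. The function names and the cert.pem/key.pem paths are illustrative.

```shell
#!/bin/sh
# Added example: diagnose bad_certificate causes (corrupt PEM, key mismatch).
# Usage: check_cert_key cert.pem key.pem  -> exit 0 on success, non-zero on a problem.

# Return 0 if the file carries PEM BEGIN/END markers and parses as X.509.
cert_parses() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
    grep -q -- '-----END CERTIFICATE-----' "$1" || return 1
    openssl x509 -in "$1" -noout >/dev/null 2>&1
}

# Return 0 if the private key parses, whatever the algorithm (RSA, EC, Ed25519).
key_parses() {
    openssl pkey -in "$1" -noout >/dev/null 2>&1
}

# Print the SHA-256 digest of the certificate's SubjectPublicKeyInfo (PEM form).
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the SHA-256 digest of the public key derived from the private key.
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 only if both files parse and the certificate belongs to the key.
# Distinct return codes tell the operator which of the causes above applies.
check_cert_key() {
    cert_parses "$1" || { echo "certificate unparseable or missing PEM markers: $1" >&2; return 2; }
    key_parses "$2" || { echo "private key unparseable: $2" >&2; return 3; }
    c=$(cert_pubkey_digest "$1")
    k=$(key_pubkey_digest "$2")
    [ -n "$c" ] && [ "$c" = "$k" ] || { echo "certificate and private key do not match" >&2; return 4; }
    echo "certificate and private key match"
}
```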
Verify that the domain resolves to the server you expect. If DNS points to the wrong server, you may be receiving a certificate from an unrelated host.