diff --git a/src/TLSClient.cpp b/src/TLSClient.cpp
index db4283408..ceffb5f34 100644
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@@ -295,6 +295,9 @@ int TLSClient::verify_certificate () const
 if (_trust == TLSClient::allow_all)
 return 0;

+ if (_debug)
+ std::cout << "c: INFO Verifying certificate.\n";
+
 // This verification function uses the trusted CAs in the credentials
 // structure. So you must have installed one or more CA certificates.
 unsigned int status = 0;
@@ -310,6 +313,14 @@ int TLSClient::verify_certificate () const
 std::cout << "c: ERROR Certificate verification peers3 failed. " << gnutls_strerror (ret) << "\n";
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
+
+ // status 16450 == 0100000001000010
+ // GNUTLS_CERT_INVALID 1<<1
+ // GNUTLS_CERT_SIGNER_NOT_FOUND 1<<6
+ // GNUTLS_CERT_UNEXPECTED_OWNER 1<<14 Hostname does not match
+
+ if (_debug && status)
+ std::cout << "c: ERROR Certificate status=" << status << "\n";
 #else
 int ret = gnutls_certificate_verify_peers2 (_session, &status);
 if (ret < 0)
@@ -319,6 +330,9 @@ int TLSClient::verify_certificate () const
 return GNUTLS_E_CERTIFICATE_ERROR;
 }

+ if (_debug && status)
+ std::cout << "c: ERROR Certificate status=" << status << "\n";
+
 if ((status == 0) && (_trust != TLSClient::ignore_hostname))
 {
 if (gnutls_certificate_type_get (_session) == GNUTLS_CRT_X509)
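Review bot: In the first hunk (@@ -295,6 +295,9 @@) the new "Verifying certificate" message is printed only after the `_trust == TLSClient::allow_all` early return, so a debug trace of a session that skipped verification has no line saying so. That is the one path where the peer is accepted unchecked, so it is the path most worth recording. I would log it before `return 0;`, for example `if (_debug) std::cout << "c: INFO Certificate verification skipped, trust is allow_all.\n";`, with braces added around the two statements. The body of verify_certificate starts and ends outside this hunk.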
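Review bot: In the second hunk (@@ -310,6 +313,14 @@) the status word is printed in decimal, which is why the added comment has to decode 16450 by hand. Printing it in hex lets a reader match the bits against the GNUTLS_CERT_* flags directly: `std::cout << "c: ERROR Certificate status=0x" << std::hex << status << std::dec << "\n";`. The identical statement is added again in the `gnutls_certificate_verify_peers2` branch in the third hunk, so the same change applies there. The decoding comment would also help next to that second copy, since it currently sits only in the peers3 branch. The print is debug-only and nothing in either hunk rejects a non-zero status; that presumably happens further down, outside the visible lines.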