@bagder indeed.
However, having details on the rejected certificate displayed in the first request would have avoided the user to put himself in danger by testing the query with "-k" to understand the reason why the requests were rejected.
So, maybe the error message could be slightly improved.