diff --git a/src/hush/tlsmanager.cpp b/src/hush/tlsmanager.cpp
index 0f38d96fe..75fb17b1f 100644
--- a/src/hush/tlsmanager.cpp
+++ b/src/hush/tlsmanager.cpp
@@ -425,8 +425,11 @@ bool TLSManager::CheckKeyCert()
         return false;
     }
 
-    if (wolfSSL_X509_verify(mycert, mykey) == WOLFSSL_SUCCESS) {
+    int err = wolfSSL_X509_verify(mycert, mykey);
+    if (err == WOLFSSL_SUCCESS) {
         return true;
+    } else {
+        LogPrintf("%s: x509 verification error: %d = %s\n", __func__, err);
     }
     
     LogPrintf("Generated key and certificate do not match!!!\n");
diff --git a/src/hush/utiltls.cpp b/src/hush/utiltls.cpp
index ec8e81c3b..bfddb3724 100644
--- a/src/hush/utiltls.cpp
+++ b/src/hush/utiltls.cpp
@@ -43,6 +43,7 @@ WOLFSSL_EVP_PKEY* GenerateEcKey(int nid)
 WOLFSSL_X509* GenerateCertificate(WOLFSSL_EVP_PKEY *keypair)
 {
     if (!keypair) {
+        LogPrintf("%s: Null keypair!\n", __func__);
         return NULL;
     } 
 
@@ -60,12 +61,17 @@ WOLFSSL_X509* GenerateCertificate(WOLFSSL_EVP_PKEY *keypair)
                 // private key from keypair is used; signature will be set inside of the cert
                 bCertSigned = wolfSSL_X509_sign(cert, keypair, wolfSSL_EVP_sha512());
             }
+        } else {
+            LogPrintf("%s: Unable to alloc rand bytes!\n", __func__);
         }
 
         if (!bCertSigned) {
+            LogPrintf("%s: TLS cert not signed correctly!\n", __func__);
             wolfSSL_X509_free(cert);
             cert = NULL;
         }
+    } else {
+        LogPrintf("%s: Unable to create x509 cert!\n", __func__);
     }
     
     return cert;