diff --git a/modules/core/m_server.c b/modules/core/m_server.c
index 1ceaca9f..ad8f66a9 100644
--- a/modules/core/m_server.c
+++ b/modules/core/m_server.c
@@ -189,13 +189,25 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 		exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
 		return;
 	case -6:
-		sendto_realops_snomask(SNO_GENERAL, L_ALL,
-		     "Connection from servername %s has invalid certificate fingerprint %s",
-		     name, client_p->certfp);
-		ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
-		     client_p->certfp, log_client_name(client_p, SHOW_IP));
+		if (client_p->certfp)
+		{
+			sendto_realops_snomask(SNO_GENERAL, L_ALL,
+			     "Connection from servername %s has invalid certificate fingerprint %s",
+			     name, client_p->certfp);
+			ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
+			     client_p->certfp, log_client_name(client_p, SHOW_IP));
+			exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
+		}
+		else
+		{
+			sendto_realops_snomask(SNO_GENERAL, L_ALL,
+			    "Connection from servername %s failed certificate validation",
+			    name);
+			ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
+			    log_client_name(client_p, SHOW_IP));
+			exit_client(client_p, client_p, client_p, "Invalid certificate.");
+		}
 
-		exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
 		return;
 	default:
 		sendto_realops_snomask(SNO_GENERAL, L_ALL,