I am running the following command:
curl --tlsv1.2 -v --cacert ./mycert.crt --key ./key.pem --cert ./mycert.crt https://thirdparty.url
I received the certificate from the third party I am working with after generating CSR and key files with openssl.
My server IP is whitelisted on the third party's firewall and they can see my requests coming in but the handshake always fails.
This is the response I receive:
* Trying X.X.X.X...
* Connected to thirdparty.url (X.X.X.X) port 443 (#0)
* found 1 certificates in ./nonprod.crt
* found 596 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: Handshake failed
* Closing connection 0
curl: (35) gnutls_handshake() failed: Handshake failed
How can I debug this issue?
Some info:
I am running curl 7.47.0 on Ubuntu 16.04.4
I tried running this command:
openssl s_client -connect server.url:443 -tls1_2 -cert ./mycert.crt -key key.pem
But I have to exclude the link URI to make it work. The response does include this, however:
140593823835800:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40
140593823835800:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
But it also says:
SSL handshake has read 3378 bytes and written 1702 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
Master-Key: CE2294E9B415FB8B9850DB28F64FEF17390A46D5A38F12E62E31F614DA4199CF50C0AFA5F62401C4964105AFC4F1B095
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1528299660
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Asked by Cris Ravazzano
(21 rep)
Jun 6, 2018, 02:55 PM
Last activity: Jun 6, 2018, 05:03 PM
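As a debugging aid for the two OpenSSL error lines quoted in the question, the following added example (not part of the original post) unpacks the 8-digit hex error code and reports whether each failure was raised locally or arrived as a TLS alert from the peer. It assumes the OpenSSL 1.0.x error-code layout (8-bit library, 12-bit function, 12-bit reason) and the convention that SSL reason codes of 1000+N mean alert N was received; the function name decode_error_line and the abbreviated alert table are choices made for this example.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2); a few common ones only.
TLS_ALERTS = {
    10: "unexpected_message", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
    49: "access_denied", 70: "protocol_version", 71: "insufficient_security",
}
ERR_LIB_SSL = 20  # library number 0x14 in the packed code

# <thread id>:error:<8 hex digits>:<library>:<function>:<reason>:<file>:<line>:<extra>
ERR_LINE = re.compile(
    r"^\d+:error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<extra>.*)$"
)

def decode_error_line(line):
    """Parse one error-queue line and unpack its code (assumed 1.0.x layout)."""
    m = ERR_LINE.match(line.strip())
    if m is None:
        return None
    code = int(m.group("code"), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # SSL reason codes 1000+N report alert N received from the peer.
    alert = reason - 1000 if lib == ERR_LIB_SSL and reason >= 1000 else None
    return {
        "lib": lib, "func": func, "reason": reason,
        "function": m.group("func"), "text": m.group("reason"),
        "source": f"{m.group('file')}:{m.group('line')}",
        "origin": "peer" if alert is not None else "local",
        "alert": alert, "alert_name": TLS_ALERTS.get(alert),
    }

# The two error lines quoted in the question above.
SAMPLE = """\
140593823835800:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40
140593823835800:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
"""

if __name__ == "__main__":
    for raw in SAMPLE.splitlines():
        e = decode_error_line(raw)
        print(f"{e['origin']:5} {e['function']} reason={e['reason']} "
              f"alert={e['alert']} ({e['alert_name']}) at {e['source']}")
```

An origin of "peer" on the first line means the remote server sent alert 40 and closed the handshake, so the reason for the rejection is recorded on the server side; the second line is the local library reporting the failed handshake afterwards.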