diff --git a/src/core/ksslcertificatemanager.h b/src/core/ksslcertificatemanager.h
--- a/src/core/ksslcertificatemanager.h
+++ b/src/core/ksslcertificatemanager.h
@@ -109,9 +109,9 @@
     QList<QSslCertificate> caCertificates() const;
 
     /** @deprecated since 5.64, use the corresponding QSslError variant. */
-    static KIOCORE_DEPRECATED QList<KSslError> nonIgnorableErrors(const QList<KSslError> &);
+    static KIOCORE_DEPRECATED QList<KSslError> nonIgnorableErrors(const QList<KSslError> &errors);
     /** @deprecated since 5.64, use the corresponding QSslError variant. */
-    static KIOCORE_DEPRECATED QList<KSslError::Error> nonIgnorableErrors(const QList<KSslError::Error> &);
+    static KIOCORE_DEPRECATED QList<KSslError::Error> nonIgnorableErrors(const QList<KSslError::Error> &errors);
     /**
      * Returns the subset of @p errors that cannot be ignored, ie. that is considered fatal.
      * @since 5.64
diff --git a/src/core/ksslcertificatemanager.cpp b/src/core/ksslcertificatemanager.cpp
--- a/src/core/ksslcertificatemanager.cpp
+++ b/src/core/ksslcertificatemanager.cpp
@@ -506,25 +506,34 @@
 }
 
 //static
-QList<KSslError> KSslCertificateManager::nonIgnorableErrors(const QList<KSslError> &/*e*/)
+QList<KSslError> KSslCertificateManager::nonIgnorableErrors(const QList<KSslError> &errors)
 {
     QList<KSslError> ret;
-    // ### add filtering here...
+    // errors not handled in KSSLD
+    std::copy_if(errors.begin(), errors.end(), std::back_inserter(ret), [](const KSslError &e) {
+        return e.error() == KSslError::NoPeerCertificate || e.error() == KSslError::PathLengthExceeded;
+    });
     return ret;
 }
 
 //static
-QList<KSslError::Error> KSslCertificateManager::nonIgnorableErrors(const QList<KSslError::Error> &/*e*/)
+QList<KSslError::Error> KSslCertificateManager::nonIgnorableErrors(const QList<KSslError::Error> &errors)
 {
     QList<KSslError::Error> ret;
-    // ### add filtering here...
+    // errors not handled in KSSLD
+    std::copy_if(errors.begin(), errors.end(), std::back_inserter(ret), [](const KSslError::Error &e) {
+        return e == KSslError::NoPeerCertificate || e == KSslError::PathLengthExceeded;
+    });
     return ret;
 }
 
 QList<QSslError> KSslCertificateManager::nonIgnorableErrors(const QList<QSslError> &errors)
 {
-    Q_UNUSED(errors)
-    // ### add filtering here...
+    QList<QSslError> ret;
+    // errors not handled in KSSLD
+    std::copy_if(errors.begin(), errors.end(), std::back_inserter(ret), [](const QSslError &e) {
+        return e.error() == QSslError::NoPeerCertificate || e.error() == QSslError::PathLengthExceeded || e.error() == QSslError::NoSslSupport;
+    });
     return {};
 }