diff --git a/src/core/ksslcertificatemanager.h b/src/core/ksslcertificatemanager.h
--- a/src/core/ksslcertificatemanager.h
+++ b/src/core/ksslcertificatemanager.h
@@ -123,10 +123,10 @@
 #if KIOCORE_ENABLE_DEPRECATED_SINCE(5, 64)
     /** @deprecated since 5.64, use the corresponding QSslError variant. */
     KIOCORE_DEPRECATED_VERSION(5, 64, "Use KSslCertificateManager::nonIgnorableErrors(const QList<QSslError> &)")
-    static QList<KSslError> nonIgnorableErrors(const QList<KSslError> &);
+    static QList<KSslError> nonIgnorableErrors(const QList<KSslError> &errors);
     /** @deprecated since 5.64, use the corresponding QSslError variant. */
     KIOCORE_DEPRECATED_VERSION(5, 64, "Use KSslCertificateManager::nonIgnorableErrors(const QList<QSslError> &)")
-    static QList<KSslError::Error> nonIgnorableErrors(const QList<KSslError::Error> &);
+    static QList<KSslError::Error> nonIgnorableErrors(const QList<KSslError::Error> &errors);
 #endif
     /**
      * Returns the subset of @p errors that cannot be ignored, ie. that is considered fatal.
diff --git a/src/core/ksslcertificatemanager.cpp b/src/core/ksslcertificatemanager.cpp
--- a/src/core/ksslcertificatemanager.cpp
+++ b/src/core/ksslcertificatemanager.cpp
@@ -506,26 +506,35 @@
 }
 
 //static
-QList<KSslError> KSslCertificateManager::nonIgnorableErrors(const QList<KSslError> &/*e*/)
+QList<KSslError> KSslCertificateManager::nonIgnorableErrors(const QList<KSslError> &errors)
 {
     QList<KSslError> ret;
-    // ### add filtering here...
+    // errors not handled in KSSLD
+    std::copy_if(errors.begin(), errors.end(), std::back_inserter(ret), [](const KSslError &e) {
+        return e.error() == KSslError::NoPeerCertificate || e.error() == KSslError::PathLengthExceeded;
+    });
     return ret;
 }
 
 //static
-QList<KSslError::Error> KSslCertificateManager::nonIgnorableErrors(const QList<KSslError::Error> &/*e*/)
+QList<KSslError::Error> KSslCertificateManager::nonIgnorableErrors(const QList<KSslError::Error> &errors)
 {
     QList<KSslError::Error> ret;
-    // ### add filtering here...
+    // errors not handled in KSSLD
+    std::copy_if(errors.begin(), errors.end(), std::back_inserter(ret), [](const KSslError::Error &e) {
+        return e == KSslError::NoPeerCertificate || e == KSslError::PathLengthExceeded;
+    });
     return ret;
 }
 
 QList<QSslError> KSslCertificateManager::nonIgnorableErrors(const QList<QSslError> &errors)
 {
-    Q_UNUSED(errors)
-    // ### add filtering here...
-    return {};
+    QList<QSslError> ret;
+    // errors not handled in KSSLD
+    std::copy_if(errors.begin(), errors.end(), std::back_inserter(ret), [](const QSslError &e) {
+        return e.error() == QSslError::NoPeerCertificate || e.error() == QSslError::PathLengthExceeded || e.error() == QSslError::NoSslSupport;
+    });
+    return ret;
 }
 
 QList<KSslCaCertificate> _allKsslCaCertificates(KSslCertificateManager *cm)