Hey @gigaset, I don't believe the problem is with the certificate itself, based on the error messages there is something wrong during the TLS handshake, before the certificate is validated. That's why ssl.verification_mode: none did not work.
It seems the server you're connecting to does not support the TLS versions Heartbeat is using. By default Heartbeat supports: TLSv1.1, TLSv1.2, TLSv1.3
One way to see the protocols suported by your server is to run curl with the -v option:
curl -v --insecure https://localhost:8000/
* Trying 127.0.0.1:8000...
* Connected to localhost (127.0.0.1) port 8000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server key exchange (12):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1 / ECDHE-RSA-AES128-SHA
* ALPN, server accepted to use h2
* Server certificate:
There you can see the different protocols tried by curl as well as the final one negotiated with the remote server, in that example it's: * SSL connection using TLSv1 / ECDHE-RSA-AES128-SHA.