diff --git a/platform/src/ssl_fetch_cert.cpp b/platform/src/ssl_fetch_cert.cpp
index 853d58c..57ce781 100644
--- a/platform/src/ssl_fetch_cert.cpp
+++ b/platform/src/ssl_fetch_cert.cpp
@@ -178,6 +178,7 @@ void ssl_mid_cert_kafka_logger_send(const char *sni, const char *fingerprint, co
 void ssl_fetch_trusted_cert_from_chain(STACK_OF(X509) * cert_chain, X509_STORE *trusted_store, const char *hostname) {
 int ret;
 int deep;
+ char *pem = NULL;
 char *subj = NULL;
 char *issuer = NULL;
 char *fingerprint = NULL;
@@ -203,19 +204,21 @@ void ssl_fetch_trusted_cert_from_chain(STACK_OF(X509) * cert_chain, X509_STORE *
 stmp.type = X509_LU_NONE;
 stmp.data.ptr = NULL;
- ret = X509_LOOKUP_by_subject(lookup, X509_LU_X509, X509_get_issuer_name(cert), &stmp);
+ ret = X509_LOOKUP_by_subject(lookup, X509_LU_X509, X509_get_subject_name(cert), &stmp);
 subj = ssl_x509_subject(cert);
 issuer = ssl_x509_issuer(cert);
 fingerprint = ssl_x509_fingerprint(cert, 0);
- TFE_LOG_DEBUG(g_default_logger, "[dep:%d/%d] sin:%s, subject:(%s); issuer:(%s); fingerprint:%s; in_trusted_store:%d", i, deep,
- hostname, subj ? subj : "NULL", issuer ? issuer : "NULL", fingerprint ? fingerprint : "NULL", ret);
- if (!ret) {
- char *pem = ssl_x509_to_pem(cert);
- if (pem) {
- ssl_mid_cert_kafka_logger_send(hostname, fingerprint, pem);
- free(pem);
- }
+ pem = ssl_x509_to_pem(cert);
+
+ TFE_LOG_ERROR(g_default_logger, "[dep:%d/%d] in_trusted_store:%d, sin:%s; subject:(%s); issuer:(%s); fingerprint:%s; cert:%s",
+ i, deep, ret, (hostname ? hostname : "NULL"), (subj ? subj : "NULL"), (issuer ? issuer : "NULL"), (fingerprint ? fingerprint : "NULL"),
+ ((pem && g_kafka_logger->enable == 0x10) ? pem : " ..."));
+
+ if (!ret && fingerprint && pem) {
+ ssl_mid_cert_kafka_logger_send(hostname, fingerprint, pem);
 }
+ if (pem)
+ free(pem);
 if (subj)
 free(subj);
 if (issuer)
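Review bot: The added `TFE_LOG_ERROR` call reads `g_kafka_logger->enable` with no NULL check and runs once per certificate of a peer-supplied chain, so if the Kafka logger can be unset at this point (its setup is not visible in the hunk) a handshake ends in a NULL dereference; `((pem && g_kafka_logger && g_kafka_logger->enable == 0x10) ? pem : " ...")` avoids that, and `0x10` deserves a named constant. The same call promotes a routine per-certificate trace from DEBUG to ERROR and can embed the whole PEM, so error-log volume is driven by remote peers; keeping it at DEBUG, or logging at a higher level only when `!ret`, would preserve the signal. `in_trusted_store` now comes from `X509_LOOKUP_by_subject` on the certificate's own subject name, which matches on the name only: a chain certificate that reuses a trusted CA's subject with a different key would be reported as trusted and skipped, so the object returned in `stmp` should be compared with `cert` (for instance by fingerprint) before `ret` is relied on. The body of `ssl_fetch_trusted_cert_from_chain` starts and ends outside this hunk.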