The error indicates that the client (i.e., the TLS speaker on the other side) doesn’t like the certificate you presented. If you think your certificate is fine this is probably due to an error on the client. I usually see this with clients that have an old (or just plain unavailable) root certificate store. The certificate store can be unavailable for Go programs in particular if they are cross compiled and running on Windows or macOS.
As I suspected the problem is at client end. But when I am creating a ncat ssl server with the same certificate on linux machine, then those particular clients are able to connect properly. So is there any way that I can do something from server end to handle these situations?
The typical way I kind of debug this problem is by using OpenSSL client.
Openssl s_client -connect server:443
If this signed by known authorities (read verisign all those folks) you should get a error of 0.
If it is a self signed certificate you would get an error code 19. And on passing in caFile argument you should be able to obtain 0.
And if the client and server use different version of ssl we would have issues.