Applications that need to securely communicate with a remote server commonly rely on the TLS1protocol. Various libraries are available for developers who want to leverage this protocol — one of the most popular being OpenSSL. Securely connecting to a server is not merely a matter of simply ``enabling'' TLS, but requires a great deal of care when implementing the client application in order to actually get the security benefits of using TLS. Most critically, TLS clients must validate the server's identity by verifying its X.509 certificate upon connection. Certificate validation is an extremely complex task, even when relying on a library such as OpenSSL. This paper provides application developers with clear and simple guidelines on how to perform certificate validation within a TLS client using OpenSSL.