Hello,

We are getting an odd self-signed cert error when using openssl s_client
to test the connection for a web service on an internal server. This
service is protected by a Verisign certificate. Hitting the service
with a web browser indicates a completely secure chain.

How do we present the root and intermediate CA certs to openssl to
validate the chain? I have attempted to concatenate the needed certs in a
file and present that with the -CAfile option, to no avail. More details
are presented below.

Thanks,
-Josh

CONNECTED(00000003)
---
Certificate chain
0 s:/C=US/ST=Ohio/L=Columbus/O=Some Big Company, Inc./CN=test.bigco.com
i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
Authority
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
2 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
Authority
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
Authority
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Ohio/L=Columbus/O=Some Big Company,
Inc./CN=test.bigco.com
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign
---
No client certificate CA names sent
---
SSL handshake has read 3095 bytes and written 344 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv3
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 000000000000000047C816A300000006
Session-ID-ctx:
Master-Key: {DELETED}
Key-Arg : None
Start Time: 1204298976
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate
chain)
---
HTTP/1.0 400 Bad request
Cache-Control:no-cache
Date:Fri Feb 29 10:30:01 EST 2008
Allow:GET,POST
Host:test.bigco.com
Content-Length:69
Content-Type:text/html
The HTTP request method should have three elements
(POST,URI,Version)closed
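
How verify return code 19 arises, reproduced offline (an added example, not part of the original post): the script builds a constructed three-level chain shaped like the one in the output above, then verifies the leaf with the self-signed root supplied only as a sent (untrusted) certificate and again with the root also named via `-CAfile`. All subject names, keys and the helper functions `new_csr`, `make_chain` and `verify_code` are assumptions made for the illustration; a standard `openssl` command-line install is assumed.

```shell
#!/bin/sh
# Added example: every name, key and certificate below is constructed.

# new_csr NAME SUBJECT: write NAME.key and NAME.csr in the current directory
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1.csr" -subj "$2" 2>/dev/null
}

# make_chain DIR: build leaf <- inter <- root, like chain entries 0, 1, 2
make_chain() {
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      new_csr root  "/O=Constructed/CN=Constructed Root CA"
      new_csr inter "/O=Constructed/CN=Constructed Intermediate CA"
      new_csr leaf  "/O=Constructed/CN=test.example.invalid"
      openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
          -days 2 -out root.pem 2>/dev/null
      openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key \
          -CAcreateserial -extfile ca.ext -days 2 -out inter.pem 2>/dev/null
      openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key \
          -CAcreateserial -days 2 -out leaf.pem 2>/dev/null
      # The peer sends the intermediate and the self-signed root after its
      # own certificate; sent certificates are untrusted input.
      cat inter.pem root.pem > sent.pem )
}

# verify_code DIR [TRUSTED_PEM]: print the verify error number (0 = OK).
# The constructed root is in no default trust store, so only TRUSTED_PEM
# can anchor the chain.
verify_code() {
    dir=$1
    shift
    if [ "$#" -gt 0 ]; then set -- -CAfile "$1"; fi
    out=$(openssl verify "$@" -untrusted "$dir/sent.pem" "$dir/leaf.pem" 2>&1) || true
    case $out in
        *": OK"*) echo 0 ;;
        *) printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1 ;;
    esac
}

demo=$(mktemp -d) && make_chain "$demo"
echo "root only sent by peer: verify code $(verify_code "$demo")"
echo "root also in -CAfile:   verify code $(verify_code "$demo" "$demo/root.pem")"
rm -rf "$demo"
```

The chain is complete in both runs; the only difference is whether the self-signed certificate at depth 2 is also present in the set of trusted certificates.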