Hello,
> When I do that, I now get:
>
> RAPTOR_$ openssl s_client -connect adtest:636 "-CAfile" certnew.pem
> CONNECTED(00000003)
> depth=0 /CN=adtest.altdomain2000.psccos.com
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /CN=adtest.altdomain2000.psccos.com
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 /CN=adtest.altdomain2000.psccos.com
> verify error:num=21:unable to verify the first certificate
> verify return:1
> ---
> Certificate chain
> 0 s:/CN=adtest.altdomain2000.psccos.com
> i:/C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca

Get server certificate (lets say server_cert.pem) and execute:
$ openssl verify -CAfile certnew.pem server_cert.pem
if this will return success, s_client will verify successfully
this server cert too.
Next information, certnew.pem should have CA cert from:
C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca

Best regards,
--
Marek Marcola

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org