Hello,
> Using cURL with Linux, I want to make a webservice request to a remote
> server which requires an X509 cert.
>
> I got a Trial SSL Certificate by Verisign and obtained three files which

I
> copied into my machine (client):
> - ssl.key (private key, generated by my server)
> - verisign.crt (SSL certificate by Verisign)
> - verisign-ca.crt (Intermediate and Root Trial CA by Verisign)
> This last file were obtained from:
>

http://www.verisign.com/support/veri...secure-server-

> intermediate/index.html
>

http://www.verisign.com/support/veri...oot/index.html

>
> I tried with:
>
> []# curl -d "firstName=John&lastName=Smith" -G -v --key ssl.key --cert
> verisign.crt --cacert verisign-ca.crt

https://www.domain.com/webservice.asp
>
> But I got this error message:
> --------
> * SSL certificate problem, verify that the CA cert is OK. Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed
> * Closing connection #0
> curl: (60) SSL certificate problem, verify that the CA cert is OK.
> Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed
> More details here: http://curl.haxx.se/docs/sslcerts.html
> ----------
>
> Must I send VeriSign Intermediate and Root CA certificates to webservice
> server so that they install it?
> Must I use only certificates generated by the same CA which use this
> webservice server?

This is information that your client is unable to verify your server
certificate.
In other words, client has not enough information (CA certs) to verify
certificate sent by server.
You may check this with:
$ openssl verify -CAfile verisign-ca.crt server_cert.pem
You should get OK, if not - you must check your certificate issuer
and CA cert subject (and intermediate certs if exists).

Best regards,
--
Marek Marcola

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org