Sometimes the CA hierarchy described in the server certificate is incomplete or needs another certificate (default ones use by browsers or private ones).
Figure 1. Certificate Viewer; Details Tab
When this occurs, you will have this kind of error message when
you set FGLWSDEBUG:
WS-DEBUG (Security error) Error with certificate at depth: 3 issuer = /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority subject = /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority err 19:self signed certificate in certificate chain WS-DEBUG END
This means openssl is looking for a third ancestor that is not listed in the hierarchy above. In this example, gatewaybeta.fedex.com only has two ancestors, and none are named "Class 3 Public Primary Certification Authority". You need to download the root certificates from VeriSign and add "Class 3 Public Primary Certification Authority" in your CA list.