添加 SSL 证书后出现 curl 错误：“无法获取本地颁发者证书”

我正在尝试访问合作伙伴的 SOAP API，为此我创建了一个 CSR 并收到了一个 CRT。我用我的密钥和 CRT 创建了一个 PEM 文件：

cat mycert.crt mykey.key > mycertandkey.pem

当我尝试使用 curl 访问该服务时：

curl --verbose --cert mycertandkey.pem https://partner/service?wsdl
* Hostname was NOT found in DNS cache
*   Trying IP.IP.IP.IP...
* Connected to PARTNER (IP.IP.IP.IP) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

现在，当我尝试使用 -k 选项时，一切都正常工作，但我宁愿添加他们当前的 SSL 证书，这样我就可以在没有 -k 选项的情况下进行连接。

我想尝试以下答案中的第二种选择，但目前还没有成功：https://stackoverflow.com/a/24618403/2730032

我使用 openssl 从我的合作伙伴服务中检索了不同的证书，如下所示：https://stackoverflow.com/a/7886248/2730032

之后我尝试将这些证书添加到我的服务器https://superuser.com/a/437377

但到目前为止，如果没有 -k 标志，我仍然无法让 curl 工作。我检索所需证书的方式或将其添加到系统的方式是否错误？还是我的一般方法有误？

编辑1：当我尝试通过 SSL 获取证书时发生以下情况

openssl s_client -showcerts -connect PARTNER:443 </dev/null
CONNECTED(00000003)
depth=0 O = PARTNER_INFO, OU = PARTNER_INFO, CN = PARTNER_INFO
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = PARTNER_INFO, OU = PARTNER_INFO, CN = PARTNER_INFO
verify error:num=27:certificate not trusted
verify return:1
depth=0 O = PARTNER_INFO, OU = PARTNER_INFO, CN = PARTNER_INFO
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/O=PARTNER_INFO/OU=PARTNER_INFO/CN=PARTNER_INFO
   i:/C=PARTNER_INFO/ST=PARTNER_INFO/L=PARTNER_INFO/O=PARTNER_INFO/OU=PARTNER_INFO/CN=PARTNER_INFO CA/emailAddress=PARTNER_INFO
-----BEGIN CERTIFICATE-----
CERTIFICATE1
-----END CERTIFICATE-----
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
-----BEGIN CERTIFICATE-----
CERTIFICATE2
-----END CERTIFICATE-----
 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
CERTIFICATE3
-----END CERTIFICATE-----
---
Server certificate
subject=/O=PARTNER_INFO/OU=PARTNER_INFO/CN=PARTNER_INFO
issuer=/C=PARTNER_INFO/ST=PARTNER_INFO/L=PARTNER_INFO/O=PARTNER_INFO/OU=PARTNER_INFO/CN=PARTNER_INFO CA/emailAddress=PARTNER_INFO
---
No client certificate CA names sent
---
SSL handshake has read 3872 bytes and written 503 bytes
---
MORE INFO...

我也尝试过openssl s_client -showcerts -key mycertandkey.pem -connect PARTNER:443 </dev/null但它给出了相同的结果（和证书）。

编辑2：正如我在目前唯一的答案中评论的那样：相关合作伙伴将 Gandi CA 添加到他们的服务器（至少他们是这样告诉我的），现在它可以正常工作了。因此，由于他们的证书现在由我的默认 CA 包中的 CA 签名，因此我现在可以在没有 -k 标志的情况下让 curl 工作。但是，如果知道我该如何解决这个问题就好了。