@konklone
Last active November 17, 2015 23:51
Some research on why I can't curl edpubs.gov on a server

From my local laptop (Ubuntu 15.10):

$ echo -n | openssl s_client -connect edpubs.gov:443 -servername edpubs.gov -showcerts > edpubs.gov.info

depth=2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = US, ST = Virginia, L = Alexandria, O = National Technical Information Service, CN = www.edpubs.gov
verify return:1
DONE

From my EC2 scanning server (Ubuntu 14.04):

$ echo -n | openssl s_client -connect edpubs.gov:443 -servername edpubs.gov -showcerts > edpubs.gov.info

depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify error:num=20:unable to get local issuer certificate
DONE

Difference between server output (broken) and local output (working):

78c78
< SSL handshake has read 3263 bytes and written 587 bytes
---
> SSL handshake has read 3263 bytes and written 584 bytes
89c89
<     Session-ID: AB3F0000E1713536B119A25BDB5D95325BCC47633F97EC3BC992C05557C1958A
---
>     Session-ID: 9E170000735F75CB07AD2442B7C39C6F2E82C985DF5F91577A4DDC9BEC58165E
91c91
<     Master-Key: F773743E05A63E03B49F88F99D5AE04728B0ECC1E353E31461AB890509F058AC423B4E00C0E3B31E667C9DD14B7A8F7D
---
>     Master-Key: 5415849BA1994917038297EC83F21E931ECBB63E00FCD4D8E98288BF2D662AB3538055E05EB7CC0251CF3AF53D3774F3
96c96
<     Start Time: 1447804033
---
>     Start Time: 1447801933
98c98
<     Verify return code: 20 (unable to get local issuer certificate)
---
>     Verify return code: 0 (ok)

Both the server and the local machine are using the same version of openssl, OpenSSL 1.0.2d 9 Jul 2015.
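
The two verify traces above can be compared mechanically. The following is an added example, not part of the original gist: it parses the `depth=` / `verify error` lines that `s_client` prints and, for each certificate that failed on the broken host, names the certificate the working host verified one level above it. The trace strings are copied from the outputs above; the function names are hypothetical.

```python
import re

# Verify traces copied from the two s_client runs shown above.
WORKING = '''depth=2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = US, ST = Virginia, L = Alexandria, O = National Technical Information Service, CN = www.edpubs.gov
verify return:1
DONE'''
BROKEN = '''depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify error:num=20:unable to get local issuer certificate
DONE'''

DEPTH_RE = re.compile(r"^depth=(\d+) (.*)$")
ERROR_RE = re.compile(r"^verify error:num=(\d+):(.*)$")


def parse_trace(text):
    """Return one dict per certificate s_client reported: depth, CN, error."""
    certs = []
    for line in text.splitlines():
        m = DEPTH_RE.match(line)
        if m:
            # The CN is the last RDN in the subject lines shown above.
            cn = m.group(2).rsplit("CN = ", 1)[-1]
            certs.append({"depth": int(m.group(1)), "cn": cn, "error": None})
        elif certs and (m := ERROR_RE.match(line)):
            # An error line belongs to the depth= line printed just before it.
            certs[-1]["error"] = (int(m.group(1)), m.group(2))
    return certs


def missing_issuers(working, broken):
    """For each certificate that failed on the broken host, report the
    certificate the working host verified one depth above it. That is a
    candidate for what the broken host cannot find locally, not a proof."""
    above = {c["depth"]: c["cn"] for c in parse_trace(working)}
    return [
        {"failed": c["cn"], "error": c["error"],
         "issuer_on_working_host": above.get(c["depth"] + 1)}
        for c in parse_trace(broken) if c["error"]
    ]


if __name__ == "__main__":
    for finding in missing_issuers(WORKING, BROKEN):
        print(finding)
```

`s_client` writes these verify lines to stderr, so they have to be captured separately from the stdout that the commands above redirect into `edpubs.gov.info`.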
