Most of the time that I’ve had certificate problems, it was because the maker of the certificate was not recognized as a trusted CA.
I.e., a certificate may only be issued by a certain select number of certificate authorities, e.g. Verisign.
And a locally signed certificate can be rejected.
Here is what iSeries Passport will accept as an authority: http://www.zephyrcorp.com/terminal-emulation/kb/ssl_security/supported_certificate_authorities.htm