The best way to debug this is not to keep restarting the AOLserver, but instead to use the command line SSL tool "openssl" to verify the CAFile for correct operation.
The man page for openssl has more information; most likely you will want to read up on how to use "openssl s_client verify" and such.
