I never tried this but, if I where in your shoes, I'd pull a copy of Wireshark, instruct it to use the SSL dissector on TCP 636 and have a look at a packet dump: if you're looking at an SSL failure, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results