I had a similar problem. My endpoint was an 'Amazon Trust Services' (ATS) endpoint (you can check if it's your case if your HTTPS broker direction contains the suffix '-ats'). So, the problem was that I didn't download the correct Root CA certification. The ''VeriSign-Class 3-Public ... G5'' is not available with this kind of endpoints, so you must use a "AmazonRootCA1.pem" certificate. Hope it helps.
... View more