Quite often, you can't connect to an SSL site because .NET will tell you that the certificate is invalid.
This openssl command shows you the certificate errors:
openssl s_client -connect company.co.nz:443|openssl x509 -text
The output looks like:
depth=2 CN = Company Root CA
verify error:num=19:self signed certificate in certificate chain
Version: 3 (0x2)
It also checks the intermediate and root CA certificate validation chain.