You have to add the intermediate certificate(s) (the other *.crt) too, because otherwise the browser is not able to verify the certificate chain up to the builtin trusted CA. The only reason that the verification with the desktop browsers succeed is because you already visited sites which use the same intermediate certificates and the browser cached them. If you would use a fresh browser setup (or a new profile with firefox) verification would there fail too.

Thanks to @stenwt from the openshift irc channel, It finally work. Here is what i did.

cat mycert.crt cacert.ca > myapp.pem; rhc alias update-cert appname www.domain.com --certificate myapp.pem --private-key myapp.key --passphrase 'mypass'

Had a bit of trouble with the method that worked for OP. For PositiveSSL, on OpenShift, this worked for me:

cat mydomain_com.crt COMODORSADomainValidationSecureServerCA.crt  COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
rhc alias update-cert myappname www.mydomain.com --certificate ssl-bundle.crt --private-key mydomain_com.key --passphrase 'mypassphrase'

Replace mydomain_com.crt with your main domain cert from Comodo
Replace myappname with your OpenShift app name
Replace www.mydomain.com with your domain alias (the one on OpenShift for your app)
Replace mydomain_com.key with the filename for your private key
Replace mypassphrase with your SSL passphrase

I've opened certificate.ca.crt and certificate.crt, with conTEXT editor, I copied the contents of certificate.crt and have pasted to the principle of certificate.ca.crt and have saved as certificate.pem, after I've uploaded to OpenShift web console, in SSL certificate *, the first box. Fixed !!