Migrating to CF9: trouble getting JRun working with SSL

I have a client on MX7 who wants to migrate to CF9. I have a dev environment for them on my WinXP machine where I've configured MX7 to run with JRun's built-in web server. I've had that working for a long time with both regular and SSL connections.

I installed CF9 yesterday side-by-side with the existing MX7 install to start testing. The install was smooth and detected MX7, adjusted CF9's port numbers for no conflict, etc. Testing started well: MX7 over regular and SSL still worked and CF9 worked over regular HTTP. But I can't get CF9 to work with SSL. I installed a new certificate with keytool, FireFox (v3.6) complained about it being unsigned, I added it to the exception list, and now I get this:

Secure Connection Failed
An error occurred during a connection to localhost:9101.
Peer reports it experienced an internal error.
(Error code: ssl_error_internal_error_alert)

I've been Googling that in all variations but can't find much help to get past this. I don't see any info in any log files either. FWIW, here's my SSL config from SERVER-INF/jrun.xml:

<service class="jrun.servlet.http.SSLService" name="SSLService">
  <attribute name="enabled">true</attribute>`
  <attribute name="interface">*</attribute>
  <attribute name="port">9101</attribute>
  <attribute name="keyStore">{jrun.rootdir}/lib/mykey</attribute>
  <attribute name="keyStorePassword">*deleted*</attribute>
  <attribute name="trustStore">{jrun.rootdir}/lib/trustStore</attribute>
  <attribute name="socketFactoryName">jrun.servlet.http.JRunSSLServerSocketFactory</attribute>
  <attribute name="deactivated">false</attribute>
  <attribute name="bindAddress">*</attribute>
  <attribute name="clientAuth">false</attribute>
</service>

Anyone here know of any issues re setting up SSL and CF9? Anyone had success with it?

Dave