i had the same result to a different problem... perhaps this might help you out.
it turned out my keystore only had one entry in it... and it needed the trusted cert to work....
heres my keystore from scratch
------------
keytool -genkey -alias
j2ee -keyalg RSA -keystore ./.keystore
/usr/local/ssl/misc/CA.sh -newca
/usr/local/ssl/misc/CA.sh -newcert
keytool -import -alias rug -file demoCA/cacert.pem -keystore ./.keystore
openssl x509 -in newreq.pem -out newreq2.pem
keytool -import -trustcacerts -file newreq2.pem
.hope this helps