I have also tried to revert to the original keystore shipped as you mentioned but have had no luck with this - I still get the same errors as above.

Here is my lightstreamer configuration file for reference:

<https_server name="Lightstreamer HTTPS Server">


<!-- Mandatory. Listening TCP port. -->

<port>443</port>


<!-- Optional. Size of the system buffer for incoming TCP connections
(backlog). Overrides the default system setting. -->
<!--
<backlog>50</backlog>
-->

<!-- Optional. Settings that allow some control over the HTTP headers
of the provided responses. See the same element inside
<http_server> for a description. -->
<!--
<response_http_headers>
<echo name="cookie" />
<add name="my-header">MyValue</add>
</response_http_headers>
-->

<!-- Optional. Can be used on a multihomed host to specify the IP address
to bind the server socket to.
The default is to accept connections on any/all local addresses. -->
<!--
<listening_interface>200.0.0.1</listening_interface>
-->

<!-- Optional. Settings that allow for better identifying the remote address
of the connected clients. See the same element inside
<http_server> for a description. -->
<!--
<client_identification>
<skip_local_forwards>2</skip_local_forwards>
<log_forwards>Y</log_forwards>
</client_identification>
-->

<!-- Mandatory. Reference to the keystore used by the HTTPS service.
The file path is relative to the conf directory.
Currently, only Sun/Oracle's "JKS" keystore type is supported.
This keystore implementation has some constraints:
- only the first certificate found in the keystore is used by the
java TLS/SSL implementation to be sent to the Client
- the password of the keystore and the password of the included
certificate should be the same (hence, the <keystore_password>
subelement refers to both).
The <keystore_file> and <keystore_password> subelements are mandatory.
NOTE: The "myserver.keystore" certificate, which is provided out
of the box, is obviously not valid. In order to use it for your
experiments, remember to add a security exception to your browser. -->

<keystore>
<keystore_file>myserver.keystore</keystore_file>
<keystore_password>mypassword</keystore_password>
</keystore>


<!-- Optional and cumulative. Pattern to be matched against the names
of the enabled cipher suites in order to remove the matching ones
from the enabled cipher suites set.
Any pattern in java.util.regex.Pattern format can be specified.
This allows for customization of the choice of the cipher suite
to be used for an incoming https connection (note that reducing
the set of available cipher suites may cause some client requests
to be refused).
Note that the selection is operated on the default set of the
"enabled" cipher suites for the socket, not on the set of the
"available" cipher suites. The default set of the "enabled" cipher
suites is logged at startup by the LightstreamerLogger.connections.ssl
logger at DEBUG level. -->
<!-- <remove_cipher_suites>_DHE_</remove_cipher_suites> -->

<!-- Optional. Request to provide the Metadata Adapter with the
"principal" included in the client TLS/SSL certificate, when available.
Can be one of the following:
- Y: Upon each client connection, the availability of a client TLS/SSL
certificate is checked. If available, the included
identification data will be supplied upon calls to notifyUser.
- N: No certificate information is supplied to notifyUser and no
check is done on the client certificate.
Note that a check on the client certificate can also be requested
through <force_client_auth>.
Default: N. -->

<!-- <use_client_auth>N</use_client_auth> -->


<!-- Optional. Request to only allow clients provided with a valid TLS/SSL
certificate. Can be one of the following:
- Y: Upon each client connection, a valid TLS/SSL certificate is
requested to the client in order to accept the connection.
- N: No check is done on the client certificate.
Note that a certificate can also be requested to the client as a
consequence of <use_client_auth>.
Default: N. -->

<!-- <force_client_auth>N</force_client_auth> -->


<!-- Optional and only used when at least one of <use_client_auth> and
<force_client_auth> is set to Y. Reference to a keystore to be used
by the HTTPS service to accept client certificates.
It can be used to supply client certificates that should be
accepted, in addition to those with a valid certificate chain,
for instance while testing with self-signed certificates.
The file path is relative to the conf directory.
Currently, only Sun/Oracle's "JKS" keystore type is supported.
Note that the password to be supplied refers to the whole keystore,
not to the various certificates.
The <truststore_file> and <truststore_password> subelements are
mandatory. -->
<!--
<truststore>
<truststore_file>myserver.truststore</truststore_file>
<truststore_password>mypassword</truststore_password>
</truststore>
-->


</https_server>