Not sure if I can offer the best answer, but if you only need 1-way SSL, supplying the JKS file in the Listen Step and enabling the Use SSL to Client should be sufficient. Optionally, you could roll the cert into the webreckeys, but I would do that after verifying that there are no issues with the keystore, and after taking a copy of webreckeys for recovery purposes.
What technique did you use to convert the .crt file to a JKS?
For example, via a utility like openssl to convert the .crt to a .p12, then use keytool to import the .p12 and create a .jks.
What do you see when you CLICK the Verify option in the Listen step? Does your jks validate properly?
Also, what happens when you point to the location of the JKS and try a call from the client application?
If you are able to run the service in ITR mode, have the client send an HTTPS request after enabling debug so you can watch the handshake. Or, turn on SSL debugging via a vmoptions change.