CF2021 Enterprise connection over TLS to Azure Blob Storage

We are having a great deal of trouble getting a ColdFusion Enterprise web app to upload or download from Azure Blob Storage over TLS/SSL. Storage is connectable by other methods such as remote copy with an SAS key, and is on the same virtual network as the web app service.

We have a different instance of the app that was eventually able to connect, upload and download: after a lot of trial and error, we added the server's own certificate and the Root CA of the Blob Storage endpoint's certificate to Azure's TLS/SSL Settings, and suddenly everything worked great. On the problematic server, the security restrictions are a bit tighter, and it uses a different set of certificates; still, we uploaded the certs to the Azure public keystore as we did on the first server, even including all the intermediary CA certs... but nothing helps. The uploads and downloads are handled by a CFC, written for CF2018, that creates Java objects to handle the connections, but the error we're getting from them is:

"Error in setting up authentication for PDFg services."

This has nothing to do with PDFg, so I have no idea why it would be saying this.

Using CF2021's built-in methods to connect to Azure Blob Storage, we get a familiar set of SSL errors: "could not initialize class sun.security.ssl.SSLContextImpl$DefaultManagersHolder: NoSuchAlgorithmException", which is what we got before adding the certificates.

Does anyone have any advice on how to get CF 2021 Enterprise to talk to Azure Blob Storage over a secure connection?