Sorry for the delay in responding.
Same result. "Invalid username or password". The new cert is OK, at least as far as Pidgin and Trillian are concerned. I'm thinking that Spark is using a Java truststore/keystore located somewhere other than its program directory or the user profile directory and won't accept the "real cert" because it already has one for that host. But I've been unable to find it even after running through the whole process with diskmon (Sysinternal's Disk Monitor, which tracks disk access by various processes in real time).