I noticed that when I ran Jenkins under https and specified the keystore to use as per http://wiki.hudson-ci.org/display/HUDSON/Starting+and+Accessing+Hudson that I was unable to connect to our https instance of crowd. I verified that the keystore contained the correct certificates but testing the connection though jenkins always resulted in an ssl error.

In order to get around this I had to specify the keystore path as a java argument:
JAVA_ARGS="-Djavax.net.ssl.trustStore=/opt/etc/keystore -Djavax.net.ssl.trustStorePassword=*****"

It appears that the crowd plugin is not using the credentials that are being used to start up winstone.