So the second step for me was to import them so my JVM(s) would recognize the certificate as "trusted".
To get your JVM to trust the certificate, you import it into your keystore using the keytool executable (found in your JDK bin directory):
[jboss@j2apptest01 bin]$ ./keytool -import -alias SomeWebserviceName -file ~/SomeCertificateFileName.CERIf the keystore does not exist yet, the tool will prompt you to enter a keystore password. Remember that password, as you will need to use it to import new certificates or export or view current ones.
It will then display all the keys and other info about the certificate and ask you to confirm that you really want to import. You will want to verify the keys match up to what you think you are importing, of course. Then type "yes" and it should tell you the certificate was added.
After that, our calls to the web service started to ork again, like magic.