I needed to add all of the certificates in the chain, e.g.

The web service exception reported the serial identifier for the E8 certificate.

Note that I was using a third-party tool to call the web services and so I did not directly add the certificates to the jvm's keystore but, that may have happened in the background.