The issue turned out to be the certificate itself, just as the error
My mistake was assuming the issue was with our systems.
The certificate showed as being correct in the browser but weblogic's
authentication libraries appear to be stricter.
The service owner has since issued a correctly signed certificate.