These errors typically occur when a certificate with the trusted source expires or changes.  In order to resolve this, you can use a browser like Internet Explorer to extract the new cert based on the URL.  Or if you are using WAS 6.1 and above, there is a feature that allows you to dynamically pull the source from the URL and install it directly into the trust store without having to extract and install it.

Within the WAS 6.1 admin console, navigate to the following:

SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates

In my case, I am using the NodeDefaultTrustStore for my certificates.  Now click on the not so obvious button called Retrieve From port.  Enter the URL of the webservice endpoint (ie the WSDL URL) and also the port.  For SSL, it’s probably 443.  Now enter the certificate name of your choice that make the most sense and click Apply.  This will pull the cert down from the URL / port and install the certificate for you.