One quick thing you can do to eliminate whether it is an AEM issue or a network issue, is to login to the AEM server's shell and execute a curl to consume the webservice and see whether you get a response back. If you do get a response, then the issue is with AEM. If you don't then, then it is most probably a Network issue.
You need to establish a chain of trust from the server cert to the JVM's own trusted CA certs. As long as a CA cert is available that starts that chain, you should be fine. If you self sign certs, you will need to add your signing CA to the java's keystore. You do not need to import every server's certificate. Just the trusted CA certificate that signed them all if it is not already trusted.
Import a root or intermediate CA certificate to an existing Java keystore: