When the Server ( the WebService ) presents it's SSL server certificate to the client to prove it's identity and to exchange the plublic key, the client needs to have the root certificate from the certificate authority to prove that the server is who it says it is. The certificate authority ( in your case Thawte ), by issuing the server certificate to the WebService, sort of guarantees that the WebService is legitimate. You, the client, need to pair the WebServices' server certicifate with the root certificate from the certificate authority. For that the root certificate needs to be present in the client's certificate store - which in Progress' case is located in $DLC/certs ( or %DLC%\certs when you are on Windows ). Progress povides the $DLC/bin/certutil ( which is a wrapper for OpenSSL ) to import certificates into the store.
Do not confuse $DLC/certs with $DLC/keys - the latter holds the SSL server certificates which can be use by the Progress Database and AppServer for example.
Heavy Regards, RealHeavyDude.