Point CXF to Websphere truststore for certs?

I get ws-security's signature validation via CXF working on my service in
local Websphere when using org.apache.ws.security.crypto.merlin.file
property pointing to a file based JKS that contains my companies CA root and
issuer certs.

But when I deploy to our Prod environment I would like to have CXF use the
Websphere truststore that contains these, but I can't seem to get that to
work by default when I remove my JKS file. I have tried several approaches.
Even tried adding the certs to CellDefaultTrustStore > Signer certificates
in Websphere but that did not seem to work either.

What is the correct approach? Is there a setting to make in Websphere?
I am using the latest CXF 2.7.11 and Websphere 8.5

I know that we have the DisableIBMJAXWSEngine=true in Websphere since
CXFServlet is handling this so not sure how a Websphere based ws-security
setting would control this though.

I am really hoping there is a default way to get this working as I would
think that having to set the org.apache.ws.security.crypto.merlin.file
property to have a hard coded path to truststore file on WAS server is not
ideal.