unable to find valid certification path to requested target

We have a client who is trying to connect to a web server of ours using Java. On Sunday the SSL cert for this server expired, and we replaced it with a Positive SSL certificate. Since then the client is unable to connect to the web server – they get an error saying “unable to find valid certification path to requested target.”

I assume this is just because the Java libraries don’t recognize the Comodo CA – do we just need to supply our client with the servername.ca-bundle and have them import that somewhere?

Note that this is purely a client-side issue – the server is configured correctly to hand out the intermediate certificate, etc., and if you visit our server with a regular web browser there are no warnings and everything looks correct in the security dialog when you click on the lock icon.

org.apache.xmlrpc.XmlRpcException: Failed to create output stream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:69)
at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:144)
at org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:95)
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.sendRequest(XmlRpcSunHttpTransport.java:39)
at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:53)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:166)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:157)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:146)
at com.ipost.xmlrpc.client.XmlRpcManager.execute(XmlRpcManager.java:221)

I’m getting the same error message.
Do anyoune know how to make java recognize Comodo as an CA?

I also filed a support ticket and received the following reply:

Please be informed that Add Trust root certificate was included in the latest release of java 1.5.09 and if you update to that version this issue will no longer exist.

Our Roots are now included in the latest version of the JRE (1.5.0, aka 5.0, Update 8):
This JRE version was authenticode-timestamped on 26th July 2006.

We are also mentioned in the Release Notes:
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_08 (search for “Comodo”)