We have a client who is trying to connect to a web server of ours using Java. On Sunday the SSL cert for this server expired, and we replaced it with a Positive SSL certificate. Since then the client is unable to connect to the web server – they get an error saying “unable to find valid certification path to requested target.”
I assume this is just because the Java libraries don’t recognize the Comodo CA – do we just need to supply our client with the servername.ca-bundle and have them import that somewhere?
Note that this is purely a client-side issue – the server is configured correctly to hand out the intermediate certificate, etc., and if you visit our server with a regular web browser there are no warnings and everything looks correct in the security dialog when you click on the lock icon.
org.apache.xmlrpc.XmlRpcException: Failed to create output stream: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:69)
at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:144)
at org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:95)
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.sendRequest(XmlRpcSunHttpTransport.java:39)
at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:53)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:166)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:157)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:146)
at com.ipost.xmlrpc.client.XmlRpcManager.execute(XmlRpcManager.java:221)