i have three java based web application app1,app2 and app3 at production. All 3 are verified by verified CA’s and hosted on 3 different web servers
and on https.
app1,app2 is verified by secure trust.app3 is verified by trustwave .

Below is the hierarchy of certificates of certificates ,i can see when i hit any of these app thru web browser.

app1,app2 certificate hirerarchy is same .e

 Entrust.net Secure Server Certification Authority---> SecureTrust CA------->*.myAppDomain.com

app3 certificate hirerarchy is

           Entrust.net Secure Server Certification Authority---> SecureTrust CA------->TrustWave Organization Validation CA, L------->*.myApp3.com

Now when app1 connect to app2 , works fine. But when app1 connects to app3 gets below exception

   javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: 
   sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Now i had a look on cacert file(i.e trust store) inside jdk on web server hosting app1 . I tried to found the entries for Entrust,SecureTrust,TrustWave but found only entries like entrustevca, entrust2048ca etc. So if i go by the logic that if root certificate (which is Entrust for both the applications app2 and app3 ) lies in trust store of contacting application(app3) ,which i can see in cacert file on app3 ,then i should not get the above mentioned error when app1 tries to contact app3 thru httpsURLConnection. I am not gettting the cause of this? i am not sure do we need to include the trustwave also , though the root certificate i.e Entrust which internally authenticate trustwave already there?

If i need to include trustwave certificate(used by app2) in cacert file on app3 then by that logic i should also inlcude
securetrust(used by app2) in cacert file on app3 but it is working Fine?