To prevent SSL/TLS trust errors when a user accesses a server behind Citrix ADC, what certificate configuration step is required?

TLS trust depends on the certificate chain. A client will trust a server certificate only if it can build a chain from that certificate up to a trusted root CA. To prevent trust errors when a user accesses a server behind Citrix ADC, you must provide the complete chain to the client. On the ADC, this means configuring the server certificate together with its intermediate CA certificates (and, if needed, the root) so the ADC can present the full chain during the TLS handshake. When the chain is complete, clients can validate the certificate against a trusted root and the connection won’t be flagged as untrusted. The other options don’t address the root issue: simply distributing the public key, having the user install the certificate, or sharing the private key does not fix the missing intermediate/root chain and can introduce security risks.