Which certificate configuration step prevents trust errors when users access a TLS-enabled server behind Citrix ADC?

Presenting a complete certificate chain is essential for trust in TLS. When a server behind Citrix ADC uses TLS, the client validates the server’s certificate by tracing a path up to a trusted root in the client’s trust store. If the server certificate isn’t linked with its intermediate (and sometimes root) certificates, the client can’t complete that chain and will report a trust error. By configuring the ADC so the server certificate is accompanied by its intermediate and root certificates, the ADC can deliver the full chain during the handshake, allowing clients to validate it against their trusted roots and establish trust. The other options don’t address the chain of trust: the private key belongs on the server, not the client; a public key mismatch is a certificate/key validity issue rather than a chain-trust issue; and the client does not need to install the server certificate if the chain is complete and the issuing CA is trusted by the client.