LEGRAND Raritan PX3TS User Manual page 880

Appendix J: Additional PX3TS Information
860
•
Certificate A. The self-signed certificate issued by Issuer A. Issuer A is a
root CA.
The above three certificates form a certificate path, which is called the
"certificate chain".
Each certificate in the chain is the issuer certificate of the certificate that
follows it. That is, A is the issuer certificate of B, and B is the issuer certificate of
C.
Note: In fact many certificate chains may comprise only the root certificate and
a TLS server's certificate and do not have any intermediate certificate(s) like
'Certificate B' involved. Or some chains may contain more than one
intermediate certificates.
Certificate (chain) that you must upload to the receiver, such as PX3TS:
Because the TLS server provides only 'Certificate C', you need to upload a file
containing the missing certificates of the chain (that is, 'Certificate A' and
'Certificate B') to the receiver.
In reality some servers may provide a partial (or even a full) certificate chain
instead of a single server certificate. If your server provides a partial certificate
chain containing 'Certificate B' and 'Certificate C', then you only need to upload
'Certificate A" to the receiver. If the server has a full certificate chain containing
Certificates 'A', 'B', and 'C', then you also need to upload the root certificate
'A".