LEGRAND Raritan PX3TS User Manual page 881

Warning: The certificate (chain) uploaded to the receiver must always
contain the ROOT certificate even though the TLS server provides the root
certificate. When uploading a (partial) chain onto the PX3TS, it means you
trust each certificate in the chain to certify the authenticity of certificates a
server sends to PX3TS. Therefore, at least the root certificate must be
authentic, issued by a CA you trust, and downloaded from that CA over a
secure channel. Never implicitly trust a root certificate that is sent by the
server which you want to connect to. It could have been created by an
attacker.
If either certificate 'A' or 'B' is missing in the certificate file uploaded to the
receiver, the connection to the wanted TLS server will fail.
For PX3TS, if any required certificate is missing, a certificate error message
similar to the following is shown on the PX3TS web interface.
Appendix J: Additional PX3TS Information
861