A properly constructed certificate includes links to the certificate which signs it, and the certificate which signs that, back to the root certificate. Both a browser and j5 (from Update 16) can resolve the chain dynamically, and so usually only needs the end certificate.
The certificate used for the j5 Server must include the full certificate chain. j5 Setup automatically verifies your certificate chain.
If you want to manually verify that you have configured a full certificate chain, open the j5 Server Certificate in a text viewer (such as Notepad). If you have imported the certificate using the KeyManager, the certificate is located here: C:\ProgramData\j5\security\ssl\server.crt.
Each certificate in the chain starts with a line which looks like this:
-----BEGIN CERTIFICATE-----
If there is only one such line, you need to include the intermediate and root certificates in this file for it to work for j5 Mobile.
If you followed the instructions above, and imported the .p7b file, you should have a full certificate chain. If you imported a .pfx or .p12 file, you may have a version of j5 Framework prior to 28.0.48231, which did not import the full certificate chain. j5 Setup verifies this information. If it has been set up incorrectly, a j5 error message appears requesting the required information for a successful setup.
In the case of a certificate signed by an external Certificate Authority, sometimes the full certificate chain isn't included. When a Certificate Authority hasn't included the full certificate chain, j5 will construct the full chain.
If you have any issues with j5 Setup, please contact j5 Support with the full certificate
chain. The full certificate chain will be in the form of a .p7b, .pfx or .p12 file,
or a collection of files representing each certificate from the signing root certificate
down to the j5 certificate.