Hi Thiyagu,
When configured for SSL termination, a server certificate is the only
required certificate needed by the ACE. However, if the CA certificate that
signed this server certificate is not in a client's list of trusted certs,
this CA cert can also be installed on the ACE and used in a chaingroup so
that the client doesn't get a pop-up warning. But CA certs in a chaingroup
are typically one or more intermediate CA certificates, not the root CA
certificate. See:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.0
0_A2/configuration/ssl/guide/terminat.html#wp1062182
Hope it helps!!