Consider delivering a chain of certificates in the SSL handshake #3324

@scaprile

Discussed in #3319

Originally posted by jcorporation October 26, 2025

  • In my local setup I use a Root CA certificate that is trusted by all my local clients.
  • This certificate signs only other intermediate CA certificates.
  • These intermediate CA certificates sign server certificates.

For struct mg_tls_opts I can only declare a server certificate and no chain certificate(s). I tried to append the Intermediate CA certificate to the server certificate, but Mongoose only delivers the server certificate and not the intermediate. I checked this with the openssl s_client command.

In other webserver implementations it is possible to add a separate chain file and/or append the intermediate to the server certificate.

I use the OpenSSL backend. Is this a bug or simply not implemented? If not implemented, would you consider implementing this feature? I think it is a very common setup and best practice for CAs.
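The setup described in the post can be reproduced offline. The following is an added example, not part of the original issue and not Mongoose code: it builds a constructed root, intermediate and server certificate, then uses `openssl verify -untrusted` to stand in for the certificates a server sends in the handshake. All subject names and file names are assumptions.

```shell
#!/bin/sh
# Added example: constructed three-tier PKI. Subjects and file names are assumptions.

# Create root CA -> intermediate CA -> server certificate in directory $1.
make_pki() {
  d=$1
  # Minimal config so the run does not depend on the system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$d/pki.cnf"
  # Self-signed root: the only certificate the client trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/pki.cnf" \
    -extensions v3_ca -subj '/CN=Demo Root CA' \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate CA, signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
    -subj '/CN=Demo Intermediate CA' \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/pki.cnf" -extensions v3_ca \
    -out "$d/int.pem" 2>/dev/null || return 1
  # Server certificate, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
    -subj '/CN=server.example.test' \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null || return 1
  # Bundle a server should present: leaf first, then the intermediate.
  cat "$d/srv.pem" "$d/int.pem" > "$d/fullchain.pem"
}

# Model a client that trusts only CA file $1 and is sent PEM bundle $2.
# openssl verify checks the first certificate in $2; -untrusted supplies the
# bundle as candidate intermediates, as certificates from a handshake would be.
client_accepts() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Demo run with the root as the only trust anchor.
tmp=$(mktemp -d) && make_pki "$tmp" && {
  client_accepts "$tmp/root.pem" "$tmp/srv.pem" || echo "leaf only: rejected"
  client_accepts "$tmp/root.pem" "$tmp/fullchain.pem" && echo "leaf + intermediate: accepted"
}
rm -rf "$tmp"
```

Against a running server, `openssl s_client -showcerts` prints each certificate the server actually sent, which is the check the post refers to.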
