Kestrel not returning full certificate chain .NET 6
Hi all 
TL;DR
It looks Kestrel doesn't return the full certificate chain in .NET 6
I have a bit of a strange problem, maybe someone has run into this before
Part 1/2:
Background
I am working on some client libraries that integrate into an asp.net core application and am seeing some strange behaviour around mTLS.
The service is a relatively simple RESTful API for which I use mTLS to authenticate client/server when clients interact with it.
Until recently, I have only had a cli tool able to interact with the service, which itself is written using the same .NET SDK and is shipped with the service - the .NET cli tool has been using mTLS to authenticate with the service absolutely fine for a while (I have several test suites around this).
Problem
I am now developing a typescript client, which runs inside a vscode via an extension I am working on, but the TS client is having issues talking to the server as the server does not seem to be returning the full certificate chain, causing the TS client to throw an error.
The error the TS client throws is the following:
TL;DR
It looks Kestrel doesn't return the full certificate chain in .NET 6
I have a bit of a strange problem, maybe someone has run into this before
Part 1/2:
Background
I am working on some client libraries that integrate into an asp.net core application and am seeing some strange behaviour around mTLS.
The service is a relatively simple RESTful API for which I use mTLS to authenticate client/server when clients interact with it.
Until recently, I have only had a cli tool able to interact with the service, which itself is written using the same .NET SDK and is shipped with the service - the .NET cli tool has been using mTLS to authenticate with the service absolutely fine for a while (I have several test suites around this).
Problem
I am now developing a typescript client, which runs inside a vscode via an extension I am working on, but the TS client is having issues talking to the server as the server does not seem to be returning the full certificate chain, causing the TS client to throw an error.
The error the TS client throws is the following:
unable to verify the first certificate
