I am using SecureTcpListener to create a TLS Server. However, the cert I am using is signed by a sub-CA. Therefore, the client won't accept the cert if they only trust the root CA. Is there a way to have SecureTcpListener send both the sub-CA and the root CA so the client can verify the whole chain?

Thanks.

The SecureSocket [and hence the SecureTcpListener] sends the entire certificate chain if the certificates in the chain can be found.

To test whether the library can find all the certificates, you can use the following line of code:

Certificate[] certs = servercert.GetCertificateChain().GetCertificates();

where 'servercert' is the server certificate you pass to the SecureTcpListener. The library is unable to find the intermediate CA certificate if the 'certs' array only contains one certificate.