Maxscale uses SSL_CTX_use_certificate_file in https://github.com/mariadb-corporation/MaxScale/blob/2.1/server/core/listener.c#L302 . This means it will read only the first file from the pem file specified. MariaDB server in contrast uses SSL_CTX_use_certificate_chain_file in https://github.com/MariaDB/server/blob/10.2/vio/viosslfactories.c#L113 . This loads the first cert in the file as the certificate and puts the rest in the chain store. As per the documentation of openssl here https://wiki.openssl.org/index.php/Manual:SSL_CTX_use_certificate(3) , the usage of SSL_CTX_use_certificate_file in maxscale can be safely replace by SSL_CTX_use_certificate_chain_file since hard coded type PEM is used for SSL_CTX_use_certificate_file.