Unable to generate server certificate from root CA and preserve hierarchy

[darind]

I am trying to generate a X509 certificate from a root CA and use it as a server certificate. I tried the following from the demo:

var serviceProvider = new ServiceCollection()
    .AddCertificateManager()
    .BuildServiceProvider();

var createClientServerAuthCerts = serviceProvider.GetService<CreateCertificatesClientServerAuth>();

var rootCaL1 = createClientServerAuthCerts.NewRootCertificate(
    new DistinguishedName { CommonName = "root dev", Country = "IT" },
    new ValidityPeriod { ValidFrom = DateTime.UtcNow, ValidTo = DateTime.UtcNow.AddYears(10) },
    3,
    "localhost");

var intermediateCaL2 = createClientServerAuthCerts.NewIntermediateChainedCertificate(
    new DistinguishedName { CommonName = "intermediate dev", Country = "FR" },
    new ValidityPeriod { ValidFrom = DateTime.UtcNow, ValidTo = DateTime.UtcNow.AddYears(10) },
    2,
    "localhost",
    rootCaL1);

var serverL3 = createClientServerAuthCerts.NewServerChainedCertificate(
    new DistinguishedName { CommonName = "server", Country = "DE" },
    new ValidityPeriod { ValidFrom = DateTime.UtcNow, ValidTo = DateTime.UtcNow.AddYears(10) },
    "localhost",
    intermediateCaL2);

When I try to use the resulting leaf certificate (serverL3) on an HTTP server, I get the following certificate hierarchy:

Whereas what I am trying to achieve is the following:

Is this possible using AspNetCoreCertificates?

[White7292]

I believe I'm also running into the same issue? Although, chances are that I'm simply not using the library properly...

I'm trying to generate a chain of trust: which I can do with OpenSSL directly to get something like this:

But... when I try (a different chain) with the code- I don't get the chain:

The chain I'm expecting to have is: root > root-intermediate > tenant-X-intermediate > organization-X-intermediate > device-X-leaf certificate for Azure IoT Hub.