diff --git a/test/emqx_listener_tls_verify_partial_chain_SUITE.erl b/test/emqx_listener_tls_verify_partial_chain_SUITE.erl
index 4b90b3a31..4f1d613e5 100644
--- a/test/emqx_listener_tls_verify_partial_chain_SUITE.erl
+++ b/test/emqx_listener_tls_verify_partial_chain_SUITE.erl
@@ -281,6 +281,38 @@ t_conn_success_with_server_intermediate_and_client_root_chain(Config) -> fail_when_ssl_error(Socket), ok = ssl:close(Socket). + +%% @doc once rootCA cert present in cacertfile, sibling CA signed Client cert could connect. +t_conn_success_with_server_all_CA_bundle_and_client_root_chain(Config) -> + Port = emqx_test_tls_certs_helper:select_free_port(ssl), + DataDir = ?config(data_dir, Config), + Options = [{ssl_options, [ {cacertfile, filename:join(DataDir, "all-CAcerts-bundle.pem")} + , {certfile, filename:join(DataDir, "server1.pem")} + , {keyfile, filename:join(DataDir, "server1.key")} + | ?config(ssl_config, Config) + ]}], + emqx_listeners:start_listener(ssl, Port, Options), + {ok, Socket} = ssl:connect({127, 0, 0, 1}, Port, [{keyfile, filename:join(DataDir, "client2.key")}, + {certfile, filename:join(DataDir, "client2-root-bundle.pem")} + ], 1000), + fail_when_ssl_error(Socket), + ok = ssl:close(Socket). + +t_conn_fail_with_server_two_IA_bundle_and_client_root_chain(Config) -> + Port = emqx_test_tls_certs_helper:select_free_port(ssl), + DataDir = ?config(data_dir, Config), + Options = [{ssl_options, [ {cacertfile, filename:join(DataDir, "two-intermediates-bundle.pem")} + , {certfile, filename:join(DataDir, "server1.pem")} + , {keyfile, filename:join(DataDir, "server1.key")} + | ?config(ssl_config, Config) + ]}], + emqx_listeners:start_listener(ssl, Port, Options), + {ok, Socket} = ssl:connect({127, 0, 0, 1}, Port, [{keyfile, filename:join(DataDir, "client2.key")}, + {certfile, filename:join(DataDir, "client2-root-bundle.pem")} + ], 1000), + fail_when_no_ssl_alert(Socket, unknown_ca), + ok = ssl:close(Socket). + t_error_handling_invalid_cacertfile(Config) -> Port = emqx_test_tls_certs_helper:select_free_port(ssl), DataDir = ?config(data_dir, Config), diff --git a/test/emqx_test_tls_certs_helper.erl b/test/emqx_test_tls_certs_helper.erl index e51ff13a9..d527b6468 100644 --- a/test/emqx_test_tls_certs_helper.erl 
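Review bot: Neither new test case checks the result of `emqx_listeners:start_listener(ssl, Port, Options)`; if the listener fails to start, the first visible error is a connection failure from `ssl:connect`, which in `t_conn_fail_with_server_two_IA_bundle_and_client_root_chain` is hard to tell apart from the intended `unknown_ca` rejection, so the negative case could pass for the wrong reason. Match the return value, e.g. `ok = emqx_listeners:start_listener(ssl, Port, Options),` (or `{ok, _} = …`, whichever the function returns). The negative case also carries no doc comment saying why the handshake must fail; add one that states which CA issues client2 and why a bundle of only the two intermediates cannot validate it — what signs client2 is not visible in this hunk, so word it to match the fixture. The `@doc` on the positive case reads better as `%% @doc once the root CA cert is present in cacertfile, a client cert signed by a sibling CA can connect.`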
+++ b/test/emqx_test_tls_certs_helper.erl
@@ -246,4 +246,13 @@ generate_tls_certs(Config) ->
     os:cmd(io_lib:format("cat ~p ~p > ~p", [filename:join(DataDir, "intermediate1.pem"),
                                             filename:join(DataDir, "root.pem"),
                                             filename:join(DataDir, "intermediate1-root-bundle.pem")
+                                           ])),
+    os:cmd(io_lib:format("cat ~p ~p ~p > ~p", [filename:join(DataDir, "root.pem"),
+                                               filename:join(DataDir, "intermediate2.pem"),
+                                               filename:join(DataDir, "intermediate1.pem"),
+                                               filename:join(DataDir, "all-CAcerts-bundle.pem")
+                                              ])),
+    os:cmd(io_lib:format("cat ~p ~p > ~p", [filename:join(DataDir, "intermediate2.pem"),
+                                            filename:join(DataDir, "intermediate1.pem"),
+                                            filename:join(DataDir, "two-intermediates-bundle.pem")
                                             ])).
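Review bot: The two new `os:cmd("cat … > …")` calls discard the command's output and exit status, so a missing or unreadable input PEM silently yields an empty or truncated bundle; the trust-store tests built on `all-CAcerts-bundle.pem` and `two-intermediates-bundle.pem` would then fail with a misleading `unknown_ca`, or the negative case would pass vacuously. Quoting the paths with `~p` also produces an Erlang string literal that the shell merely happens to accept: a `DataDir` containing `"`, `$` or a backtick breaks or injects into the command, and a non-printable path makes `~p` emit an integer list. Concatenating with `file:read_file/1` and `file:write_file/2` avoids the shell and `cat` entirely and crashes on the first missing input; the body of `generate_tls_certs/1` starts outside this hunk, and the earlier `intermediate1-root-bundle.pem` line could use the same helper.

```erlang
%% … unchanged: earlier certificate generation and intermediate1-root-bundle.pem …
    concat_pem(DataDir, ["root.pem", "intermediate2.pem", "intermediate1.pem"],
               "all-CAcerts-bundle.pem"),
    concat_pem(DataDir, ["intermediate2.pem", "intermediate1.pem"],
               "two-intermediates-bundle.pem").

%% Concatenate the PEM files Inputs (relative to DataDir) into Output without
%% going through a shell; a missing input raises badmatch instead of silently
%% writing a short bundle.
concat_pem(DataDir, Inputs, Output) ->
    Bundle = [begin
                  {ok, Pem} = file:read_file(filename:join(DataDir, Name)),
                  Pem
              end || Name <- Inputs],
    ok = file:write_file(filename:join(DataDir, Output), Bundle).
```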