diff --git a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/dialogService.xml b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/dialogService.xml
index dc8008bd9..2b7f7bb64 100644
--- a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/dialogService.xml
+++ b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/dialogService.xml
@@ -41,17 +41,6 @@
         <type>dropdown</type>
         <help><![CDATA[Select a certificate to use for this service.]]></help>
     </field>
-    <field>
-        <id>service.chainIntermediateCAs</id>
-        <label>Chain intermediate CAs</label>
-        <type>checkbox</type>
-        <advanced>true</advanced>
-        <help><![CDATA[
-          Bundle the selected certificate with its intermediate certificate authorities together to form a certificate chain.
-          If you plan to use PKI to identify clients, you usually don't want to enable this as it expands the trust chain to all
-          certificates created by any of the parent certificates.
-          ]]></help>
-    </field>
     <field>
         <id>service.cacert</id>
         <label>CA to validate connections to</label>
diff --git a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml
index d81c05a6a..13e2f02fd 100644
--- a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml
+++ b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/Stunnel</mount>
-    <version>1.0.4</version>
+    <version>1.0.3</version>
     <description>
         Stunnel TLS encryption proxy
     </description>
@@ -81,10 +81,6 @@
                     <Type>cert</Type>
                     <ValidationMessage>Please select a valid certificate from the list</ValidationMessage>
                 </servercert>
-                <chainIntermediateCAs type="BooleanField">
-                    <default>0</default>
-                    <Required>Y</Required>
-                </chainIntermediateCAs>
                 <description type="TextField">
                     <Required>N</Required>
                     <mask>/^([\t\n\v\f\r 0-9a-zA-Z.\-,_\x{00A0}-\x{FFFF}]){0,255}$/u</mask>
diff --git a/security/stunnel/src/opnsense/scripts/stunnel/generate_certs.php b/security/stunnel/src/opnsense/scripts/stunnel/generate_certs.php
index a28ac6919..4aeb667e4 100755
--- a/security/stunnel/src/opnsense/scripts/stunnel/generate_certs.php
+++ b/security/stunnel/src/opnsense/scripts/stunnel/generate_certs.php
@@ -46,12 +46,10 @@ foreach ($stunnel->services->service->iterateItems() as $service) {
         foreach ($configObj->cert as $cert) {
             if ($srv_certid == (string)$cert->refid) {
                 $all_certs["{$base_path}/{$this_uuid}.crt"] = base64_decode((string)$cert->crt);
-                if (!empty((string)$service->chainIntermediateCAs)) {
-                    $certArr = (array)$cert;
-                    $chain = ca_chain($certArr);
-                    if (!empty($chain)) {
-                        $all_certs["{$base_path}/{$this_uuid}.crt"] .= "\n" . $chain;
-                    }
+                $certArr = (array)$cert;
+                $chain = ca_chain($certArr);
+                if (!empty($chain)) {
+                    $all_certs["{$base_path}/{$this_uuid}.crt"] .= "\n" . $chain;
                 }
                 $all_certs["{$base_path}/{$this_uuid}.crt"] .= "\n" . base64_decode((string)$cert->prv);
             }