Two-Way SSL (mTLS) Not Working Between Apache HTTPD and Apache Tomcat
Issue
- When accessing via the web server (Apache) URL, we receive the following error when mTLS is enabled on Tomcat. When mTLS is turned off on Tomcat, the URL/app works fine.
javax.net.ssl|DEBUG|A2|https-jsse-nio-10.179.239.184-8443-exec-3|2026-03-18 15:41:52.692 EDT|CertificateMessage.java:372|Consuming client Certificate handshake message (
"Certificates": <empty list>
)
javax.net.ssl|ERROR|A2|https-jsse-nio-10.179.239.184-8443-exec-3|2026-03-18 15:41:52.692 EDT|TransportContext.java:375|Fatal (BAD_CERTIFICATE): Empty client certificate chain (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Empty client certificate chain
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:370)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:317)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:390)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:375)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
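Added example (not part of the original article and not Red Hat's code): a small Python triage script over JSSE debug output in the format shown above. It reports, per Tomcat connector thread, whether the connecting peer sent an empty client certificate list and which fatal alert followed. The sample log is constructed, and the names parse_records and triage_client_auth are hypothetical.

```python
import re

# Header of a JSSE debug record, in the layout of the log above:
# logger|level|thread id|thread name|timestamp|source file:line|message
RECORD = re.compile(
    r"javax\.net\.ssl\|(?P<level>[A-Z]+)\|(?P<tid>[0-9A-Fa-f]+)\|(?P<thread>[^|]+)\|"
    r"(?P<ts>[^|]+)\|(?P<src>[^|:]+:\d+)\|"
)
FATAL = re.compile(r"Fatal \((\w+)\): (.*?) \(")

# Constructed sample (documentation address 192.0.2.10): exec-3 repeats the
# failure pattern from this page, exec-4 is a handshake that carried a chain.
SAMPLE = (
    'javax.net.ssl|DEBUG|A2|https-jsse-nio-192.0.2.10-8443-exec-3|2026-03-18 15:41:52.692 EDT|'
    'CertificateMessage.java:372|Consuming client Certificate handshake message (\n'
    '"Certificates": <empty list>\n)\n'
    'javax.net.ssl|ERROR|A2|https-jsse-nio-192.0.2.10-8443-exec-3|2026-03-18 15:41:52.692 EDT|'
    'TransportContext.java:375|Fatal (BAD_CERTIFICATE): Empty client certificate chain (\n'
    '"throwable" : {\n  javax.net.ssl.SSLHandshakeException: Empty client certificate chain\n'
    'javax.net.ssl|DEBUG|A3|https-jsse-nio-192.0.2.10-8443-exec-4|2026-03-18 15:42:10.101 EDT|'
    'CertificateMessage.java:372|Consuming client Certificate handshake message (\n'
    '"Certificates": [ "certificate" : { "version" : "v3" } ]\n)\n'
)

def parse_records(text):
    """Split JSSE debug output (flattened or multi-line) into one dict per record."""
    heads = list(RECORD.finditer(text))
    records = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        rec = m.groupdict()
        rec["message"] = " ".join(text[m.end():end].split())  # collapse whitespace
        records.append(rec)
    return records

def triage_client_auth(text):
    """Per connector thread: did the peer send an empty chain, and which alert followed?"""
    findings = {}
    for rec in parse_records(text):
        f = findings.setdefault(rec["thread"], {"empty_chain": False, "fatal": None})
        msg = rec["message"]
        if msg.startswith("Consuming client Certificate") and "<empty list>" in msg:
            f["empty_chain"] = True
        hit = FATAL.search(msg) if rec["level"] == "ERROR" else None
        if hit:
            f["fatal"] = (hit.group(1), hit.group(2))
    return findings

if __name__ == "__main__":
    for thread, f in triage_client_auth(SAMPLE).items():
        print(thread, f)
```

A thread flagged with empty_chain and BAD_CERTIFICATE means the peer sent no certificate at all, which is a different condition from a certificate that was presented and then rejected.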
Environment
- Red Hat Enterprise Linux (RHEL)
- Red Hat Software Collections (RHSCL)
- Red Hat JBoss Core Services (JBCS)
- Red Hat JBoss Web Server (JWS)
- Apache Tomcat
- Apache Web Server (HTTPD)
- mod_proxy