[Fri Nov 15 16:03:13 2013] [warn] Proxy client certificate callback: (sample.com:443) downstream server wanted client certificate but none are configured
Expired or not currently valid CertificateThe certificate might be expired or it could have been issued for a date in the future. You can check the validity using:
openssl s_client -connect sample.com:443 | openssl x509 -noout -dates depth=0 /C=Argentina/ST=FL/L=Buenos Aires/O=My Company, LLC/OU=Operations/CN=sample.com/emailAddressfirstname.lastname@example.org verify error:num=18:self signed certificate verify return:1 depth=0 /C=Argentina/ST=FL/L=Buenos Aires/O=My Company, LLC/OU=Operations/CN=sample.com/emailAddressemail@example.com verify return:1 notBefore=Jan 24 13:29:12 2012 GMT notAfter=Jan 21 13:29:12 2024 GMTRecreating the certificate resolved the issue.
Tomcat miss configurationThe SSL Connector was having the below configuration set to "optional" but when using apache as a reverse proxy for load balancing this configuration is not needed. We should use the default which is "none":