httpd – Glassfish JK SSL Listener 502 Invalid gateway

I have set up a very simple Apache + Glassfish cluster configuration.

It works fine if I create and use a listener that uses the default http listener-1.

However, if I switch to a secure listener using http-listener-2, the connection is made, but then disconnected, and the user receives the 502 Bad Gateway error. This message is displayed in mod_jk.log:

(Wed Dec 04 16:17:55.905 2019) (6957:139970911750336) (debug) jk_open_socket::jk_connect.c (674): socket TCP_NODELAY set to On
(Wed Dec 04 16:17:55.905 2019) (6957:139970911750336) (debug) jk_open_socket::jk_connect.c (711): socket SO_KEEPALIVE set to On
(Wed Dec 04 16:17:55.905 2019) (6957:139970911750336) (debug) jk_open_socket::jk_connect.c (763): timeout 300 set for socket=16
(Wed Dec 04 16:17:55.905 2019) (6957:139970911750336) (debug) jk_open_socket::jk_connect.c (798): trying to connect socket 16 to 10.0.10.4:28010
(Wed Dec 04 16:17:55.906 2019) (6957:139970911750336) (debug) jk_open_socket::jk_connect.c (824): socket 16 (10.0.30.4:39278 -> 10.0.10.4:28010) connected

other log entries in between....

(Wed Dec 04 16:17:55.907 2019) (6957:139970911750336) (debug) ajp_send_request::jk_ajp_common.c (1779): (worker1) request body to send 0 - request body to resend 0
(Wed Dec 04 16:17:55.909 2019) (6957:139970911750336) (debug) jk_shutdown_socket::jk_connect.c (931): About to shutdown socket 16 (10.0.30.4:39278 -> 10.0.10.4:28010)
(Wed Dec 04 16:17:55.909 2019) (6957:139970911750336) (debug) jk_is_input_event::jk_connect.c (1410): error event during poll on socket 16 (10.0.30.4:39278 -> 10.0.10.4:28010) (event=16)
(Wed Dec 04 16:17:55.909 2019) (6957:139970911750336) (debug) jk_shutdown_socket::jk_connect.c (1015): Shutdown socket 16 (10.0.30.4:39278 -> 10.0.10.4:28010) and read 0 lingering bytes in 0 sec.
(Wed Dec 04 16:17:55.909 2019) (6957:139970911750336) (info) ajp_connection_tcp_get_message::jk_ajp_common.c (1339): (worker1) can't receive the response header message from tomcat, tomcat (10.0.10.4:28010) has forced a connection close for socket 16

The configuration is quite normal. The only difference is that I use a personal certificate created by my internal CA.
The certificate was successfully added to the keystore. When I access the web app directly through port 8181, it works (with a warning) and I can verify my certificate.

Here is the https.conf part:

  # Sample app
  JkMount /sample loadbalancer
  JkMount /sample/* loadbalancer

The workers.properties:

worker.list=worker1,loadbalancer

# default properties for workers
worker.template.type=ajp13
worker.template.port=28010
worker.template.lbfactor=50
worker.template.connection_pool_timeout=600
worker.template.socket_keepalive=1
worker.template.socket_timeout=300

# properties for worker1
worker.worker1.reference=worker.template
worker.worker1.host=myhost.com

# properties for loadbalancer
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1

Here's Glassfish's JK connector, as you can see, on port 28010, which I've declared open.
