I have a Tomcat that requires a valid client certificate to establish a connection.
server.port=8443
server.ssl.key-store=${config-dir}/webserver.p12
server.ssl.key-store-password=****
server.ssl.trust-store=${config-dir}/truststore.jks
server.ssl.trust-store-password=****
server.ssl.client-auth=need
An HAProxy should now be placed in front of it, but HAProxy does not get a connection to the backend because the client certificate is apparently not being passed on correctly.
My current config looks like this:
frontend https_frontend_test
bind *:8443 ssl crt /etc/haproxy/certs/haproxy.pem verify optional ca-file /etc/haproxy/certs/rootCA.pem
http-request set-header X-SSL-Client-Cert %{+Q}[ssl_c_der,base64]
http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
mode http
option forwardfor
acl is_test path_beg -i /test
use_backend test_backend if is_test
backend test_backend
mode http
option httpchk GET /var/modules/test/ready.txt
# There is software that controls the cluster, and with this link HAProxy can check which server is ready.
# You can ignore this part and the "check port 9010" below.
http-request set-header X-SSL-Client-DN %[ssl_c_s_dn]
http-request set-header X-SSL-Client-Cert %{+Q}[ssl_c_der,base64]
http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
server server1 192.168.2.10:8443 check port 9010 ssl verify none
#server server1 192.168.2.11:8443 check port 9010 ssl verify none
HAProxy Log:
Jan 4 14:33:35 haproxy[60533]: *IP*:55752 [04/Jan/2024:14:33:35.208] https_frontend_test/1: SSL handshake failure
Jan 4 14:33:41 haproxy[60533]: *IP*:61442 [04/Jan/2024:14:33:41.429] https_frontend_test/1: SSL handshake failure
Jan 4 14:33:41 haproxy[60533]: *IP*:61443 [04/Jan/2024:14:33:41.441] https_frontend_test/1: SSL handshake failure
Jan 4 14:33:41 haproxy[60533]: *IP*:61444 [04/Jan/2024:14:33:41.515] https_frontend_test~ test_backend/server1 0/11/59 0 SD 13/1/0/0/0 0/0
Browser Output:
ERR_EMPTY_RESPONSE
Does anyone have any advice on how to configure this correctly? When I change server.ssl.client-auth from need to want, I get a login page, but the authentication via certificate does not work.
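For reference, the setup above terminates TLS at HAProxy, so the connection to Tomcat is a second TLS session in which HAProxy is the client; it cannot present the browser's certificate (the private key never leaves the browser), and a Tomcat with client-auth=need closes the handshake, which is what the SD termination state in the log shows. The following is an added example configuration, not the poster's config, in which HAProxy presents its own client certificate to Tomcat and forwards the end user's identity in headers; the paths haproxy-client.pem and tomcat-ca.pem are assumed.

```haproxy
# Added example, not the original config. Assumed files:
#   /etc/haproxy/certs/haproxy-client.pem  cert+key HAProxy presents to Tomcat;
#                                          its issuing CA must be in truststore.jks
#   /etc/haproxy/certs/tomcat-ca.pem       CA that issued Tomcat's webserver.p12
frontend https_frontend_test
    mode http
    bind *:8443 ssl crt /etc/haproxy/certs/haproxy.pem verify optional ca-file /etc/haproxy/certs/rootCA.pem
    option forwardfor

    # Refuse requests where no client certificate was presented or it failed
    # to verify against rootCA.pem (ssl_c_verify is 0 only on success), so
    # unauthenticated clients never reach the backend.
    http-request deny deny_status 403 unless { ssl_c_used } { ssl_c_verify 0 }

    # set-header overwrites any same-named header a client sent, so Tomcat
    # only ever sees values produced by HAProxy from the verified certificate.
    http-request set-header X-SSL-Client-DN     %[ssl_c_s_dn]
    http-request set-header X-SSL-Client-CN     %{+Q}[ssl_c_s_dn(cn)]
    http-request set-header X-SSL-Client-Cert   %{+Q}[ssl_c_der,base64]
    http-request set-header X-SSL-Client-Verify %[ssl_c_verify]

    acl is_test path_beg -i /test
    use_backend test_backend if is_test

backend test_backend
    mode http
    option httpchk GET /var/modules/test/ready.txt

    # crt: HAProxy's own client certificate, which satisfies Tomcat's
    #      server.ssl.client-auth=need
    # ca-file + verify required: HAProxy checks Tomcat's certificate instead
    #      of accepting anything ("verify none"); add "verifyhost <name>"
    #      matching Tomcat's certificate to also check the host name
    server server1 192.168.2.10:8443 check port 9010 ssl crt /etc/haproxy/certs/haproxy-client.pem ca-file /etc/haproxy/certs/tomcat-ca.pem verify required
```

Tomcat must then treat the X-SSL-Client-* headers as the user's identity and accept them only from this proxy, since any client that can reach 8443 directly could set them itself. If Tomcat itself has to see the browser's certificate, the alternative is TCP passthrough (mode tcp and a bind line without ssl), which gives up path-based routing and header injection.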