Typically if the host name specified in the certificate does not match the one on which the server responds, the client web produces an alert message with the request for permission to continue.
But this may depend on the various browsers, you have the chance to test with a different browser?

Thank you for the snippet of log at debug level.
From the exception stack it seems that you have set to 'Y' the parameters <force_client_auth> and/or <use_client_auth>, is it?
Please note that if <force_client_auth> is setted a valid TLS/SSL certificate is requested to the client in order to accept the connection.