3704644 - mTLS connection fails with "Server sent 0 trusted CA name(s) for client authentication" shown on ICM logs

An mTLS connection is configured between an ABAP client and an external server (e.g. via RFC or CL_HTTP_CLIENT). The server system expects authentication via SSL certificates, but connection fails, followed by an HTTP Response with status 403.
Even though the client's Root CA certificate has already been uploaded to the external server's certificate list, ICM trace shows a message such as the below one:

[Thr 123456789012345] CCL[SSL]: Cli-00123FED: Server requested client authentication [ssl3_decode_certificate_request]
[Thr 123456789012345] CCL[SSL]: Cli-00123FED: Server supports 2 client certificate type(s) [ssl3_decode_certificate_request]
[Thr 123456789012345] CCL[SSL]: Cli-00123FED:     certificate type<0>: rsa_sign (1) [ssl3_log_certificate_type]
[Thr 123456789012345] CCL[SSL]: Cli-00123FED:     certificate type<1>: ecdsa_sign (64) [ssl3_log_certificate_type]
[Thr 123456789012345] CCL[SSL]: Cli-00123FED: Server sent 0 trusted CA name(s) for client authentication [ssl3_decode_certificate_re
[Thr 123456789012345]   SSL:SSL_read(netin=   52) hs, processed=   52  (remain=9)
[Thr 123456789012345] CCL[SSL]: Cli-00123FED: Cannot perform client authentication: Have no certificate fitting to CA names received
[Thr 123456789012345] CCL[SSL]: Cli-00123FED: Sending message with empty certificate list [ssl3_send_client_certificate]
[Thr 123456789012345] CCL[SSL]: Cli-00123FED: Sending empty Certificate message. [tls1_empty_cert_list]

• ABAP platform
• SAP NetWeaver

Server sent 0 trusted CA name(s) for client authentication, Cannot perform client authentication, Have no certificate fitting to CA names received, Sending message with empty certificate list, type G, RFC , KBA , BC-SEC-SSL-CFG , SSL/TLS Configuration for ABAP , BC-CST-IC , Internet Communication Manager , BC-MID-ICF , Internet Communication Framework , Problem