Login with Digital Certificate (E-CPF, E-CNPJ) with Servlet / JSP [closed]

Hello.

I want to develop a login system similar to what government portals use (E-CAC, NFE and similar), where the E-CNPJ is used to log in.

I've done the following:

1) I created and signed an RSA private key for the server:

keytool -genkey -alias tomcat -keyalg RSA  
keytool -selfcert -alias tomcat 

2) I configured Tomcat:

<Connector port="8443" maxThreads="200"  
    scheme="https" secure="true" SSLEnabled="true"  
    keystoreFile="${user.home}/.keystore" keystorePass="password"  
    clientAuth="true" sslProtocol="TLS"/> 

It worked perfectly and I was able to access link

3) I installed the ICP-Brasil chain

I followed exactly the steps described here: link

4) I implemented the servlet:

import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "LerCertificado", urlPatterns = {"/lercertificado"})
public class LerCertificado extends HttpServlet {

    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        try (PrintWriter out = response.getWriter()) {
            out.println("<html>");
            out.println("<head><title>ServletLerCertificado</title></head>");
            out.println("<body>");
            out.println("<p>Certificado digital:</p>");
            // The container sets this attribute only when the request arrived over TLS.
            String cipherSuite = (String) request.getAttribute("javax.servlet.request.cipher_suite");
            if (cipherSuite != null) {
                // Chain presented by the client during the handshake; null if none was sent.
                X509Certificate[] certChain = (X509Certificate[]) request
                        .getAttribute("javax.servlet.request.X509Certificate");

                if (certChain != null) {
                    System.out.println("Array size: " + certChain.length);
                    // Debug dump: toString() output is written to the page without HTML escaping.
                    for (int i = 0; i < certChain.length; i++) {
                        String certInfo = "Client Certificate [" + i + "] = "
                                + certChain[i].toString();
                        out.println(certInfo);
                    }
                } else {
                    // TLS connection, but no client certificate attribute on the request.
                    out.println("Cliente sem Certificado Digital 1");
                }
            } else {
                // Request did not come in over TLS.
                out.println("Cliente sem Certificado Digital 2");
            }
            out.println("</body></html>");
        }
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

}

BUT IT DOES NOT WORK. It always falls under "Cliente sem Certificado Digital 1".

I tested on an AWS server (I just did not do step 3) with a valid SSL certificate and it did not work, either.

Any idea what might be wrong?

    
asked by anonymous 18.03.2016 / 22:36
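
An added example, not part of the original question and not code from the asker: once the `javax.servlet.request.X509Certificate` attribute is populated, this is one way to turn the certificate into a login identity instead of only printing it. The class name `ClientCertIdentity`, its methods, and the subject CN layout "NAME:digits" are assumptions for illustration; it also assumes the container already validated the chain against its trust store during the handshake (`clientAuth="true"`).

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper (not from the question): client certificate -> login identity. */
public final class ClientCertIdentity {

    // Assumption: the subject CN looks like "NAME:digits", 11 digits (CPF) or 14 (CNPJ).
    private static final Pattern CN_ID = Pattern.compile("^(.+):(\\d{11}|\\d{14})$");
    private static final String EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    /** Returns {name, cpfOrCnpj}; throws if the connection carries no usable certificate. */
    public static String[] fromRequest(HttpServletRequest request)
            throws CertificateException, InvalidNameException {
        X509Certificate[] chain = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            throw new CertificateException("no client certificate on this connection");
        }
        return fromCertificate(chain[0]); // element 0 is the client's own certificate
    }

    static String[] fromCertificate(X509Certificate cert)
            throws CertificateException, InvalidNameException {
        cert.checkValidity(); // rejects expired / not-yet-valid certificates
        if (cert.getBasicConstraints() != -1) {
            throw new CertificateException("CA certificate presented as a user identity");
        }
        List<String> eku = cert.getExtendedKeyUsage();
        if (eku != null && !eku.contains(EKU_CLIENT_AUTH)) {
            throw new CertificateException("certificate is not valid for TLS client auth");
        }
        // getName() yields an RFC 2253 string, which LdapName parses with escaping handled.
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                Matcher m = CN_ID.matcher(rdn.getValue().toString());
                if (m.matches()) return new String[] { m.group(1), m.group(2) };
            }
        }
        throw new CertificateException("subject CN does not carry a CPF/CNPJ");
    }
}
```

Parsing the subject with `LdapName` rather than splitting the DN string on commas keeps a crafted CN containing escaped separators from being misread as a different identity.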

0 answers