When accessing internal/external websites on Android Secure Web with Tunnelled and WebSSO MDX settings, it shows error stating ERR_EMPTY_RESPONSE on device. 
We can access same internal website with Tunnelled - Full VPN on Android Secure and on iOS device, it works fine with both WebSSO as well as FullVPN.

"2020-04-09T15:23:08.537+0530","MDX-MITM-ConnectFactory","ERROR     ( 2)","Failed pinned certificate verification.
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
"2020-04-09T15:23:08.537+0530","MDX-MITM-HttpsServer","ERROR     ( 2)","Exception while connecting to remote: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
java.io.IOException: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate

One of the possible reasons could be related to SSL certificate bound on ADC Gateway for MAM URL.
To validate and confirm if SSL certificate linked for Gateway URL is present in full chain.

---

Problem Cause

When SSL certificate bound in ADC Gateway is not in full chain, it shows certificate error in logs and ERR_EMPTY_RESPONSE in the Secure Web application.