diff --git a/gateway/src/apicast/policy/tls_validation/tls_validation.lua b/gateway/src/apicast/policy/tls_validation/tls_validation.lua
index 795e74925..8e7cf6f1d 100644
--- a/gateway/src/apicast/policy/tls_validation/tls_validation.lua
+++ b/gateway/src/apicast/policy/tls_validation/tls_validation.lua
@@ -60,6 +60,11 @@ end
 
 function _M:access()
   local cert = X509.parse_pem_cert(ngx.var.ssl_client_raw_cert)
+  if not cert then
+    ngx.status = self.error_status
+    ngx.say("No required SSL certificate was sent")
+    return ngx.exit(ngx.status)
+  end
   local store = self.x509_store
 
   local ok, err = store:validate_cert(cert)
diff --git a/t/apicast-policy-tls_validation.t b/t/apicast-policy-tls_validation.t
index 4bb95b727..a8517cf91 100644
--- a/t/apicast-policy-tls_validation.t
+++ b/t/apicast-policy-tls_validation.t
@@ -154,7 +154,7 @@ proxy_pass https://$server_addr:$apicast_port/t;
 proxy_set_header Host test;
 log_by_lua_block { collectgarbage() }
 --- response_body
-Invalid certificate verification context
+No required SSL certificate was sent
 --- error_code: 400
 --- no_error_log
 [error]