This might be related to known issue that User Agent does not support ECDSA certificates.
To check your CA from SMC, go to Administration -> Other Elements - Internal Certificate Authorities, if you have ECDSA active
Please revert to RSA certificates and then sign User Agent certificate with RSA key.
Note: if you do revert to CAs please follow instructions from SMC administration guide:
(starting from page 1112)
I did try use your solution and it turned to this error:
[2014-12-30 03:55:30] 996 info:listener | Incomming connection from 10.0.1.51:20080
[2014-12-30 03:55:31] 996 info:sg_client | TLS channel WANT_READ/WANT_WRITE.
[2014-12-30 03:55:32] 996 ERROR:sg_client | SSL_accept failed 
[2014-12-30 03:55:32] 996 ERROR:sg_client | error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[2014-12-30 03:55:32] 996 ERROR:listener | Client 10.0.1.51:20080 could not be accepted [-6]
[2014-12-30 03:55:32] 996 ERROR:SSLConnection | Accept error
Thanks and Regards!
now that you have RSA CA in use, if not done yet please generate a new certificate for the User Agent in SMC and import it into the User Agent properties. If the CA change was successful the firewall should also have an RSA certificate at this point instead of ECDSA, and it should be able to communicate with the UA.
 page 880 step 10 in admin guide