TOR connection down in a HA, tor, BMS setup with single cacert file

Bug #1530033 reported by Shashikiran H
This bug affects 1 person
Affects: Juniper Openstack (status tracked in Trunk)
Trunk: Status: Invalid, Importance: High, Assigned to: Prabhjot Singh Sethi

Bug Description

2689 juno
Topo:
host1='root@10.204.217.7'
host2='root@10.204.217.11'
host3='root@10.204.217.50'
host4='root@10.204.217.48'
host5='root@10.204.217.54'
host6='root@10.204.216.72'
host7='root@10.204.216.68'
ext_routers = [('yuvaraj', '10.204.217.190')]
router_asn = 64512
public_vn_rtgt = 10000
public_vn_subnet = "10.84.41.0/24"
host_build = 'stack@10.204.216.49'
env.roledefs = {
    'all': [host1, host2, host3, host4, host5, host6, host7],
    'cfgm': [host1, host2, host3],
    'openstack':[host1, host2, host3],
    'collector': [host1, host2, host3],
    'webui': [host1],
    'control': [host1, host2, host3],
    'compute': [host4, host5, host6, host7],
    'toragent': [host6, host7],
    'tsn': [host6, host7],
    'database': [host1, host2, host3],
    'build': [host_build],
}
env.ha = {
    'internal_vip' : '10.204.217.200',
    'internal_virtual_router_id' : 139,
}

I deleted the cacert file on the tor and the qfx that was generated after provisioning. This is so that I could use a single cacert file. After enabling xmpp auth with proper knobs set in conf files, and having only one cacert file for both xmpp and tor, running setup_tors brings the tor connection down:
root@nodec15:~# contrail-status
== Contrail vRouter ==
supervisor-vrouter: active
contrail-tor-agent-1 initializing (ToR:bng-contrail-qfx51-12 connection down)
contrail-tor-agent-4 initializing (ToR:br0 connection down)
contrail-vrouter-agent active (XMPP:dns-server:10.204.217.11, XMPP:dns-server:10.204.217.7 connection down)
contrail-vrouter-nodemgr active

The trace on the tor introspect has these certificate mismatch messages:
2015-12-30 10:10:25.932 TcpSessionMessageTrace: Session 10.204.216.72:9999::10.204.217.7:33528 > SSL Handshake failed due to error: 336105650 category: asio.ssl message: no certificate returned controller/src/io/ssl_server.cc 85

Tags: xmpp
Shashikiran H (skiranh)
Changed in juniperopenstack:
importance: Undecided → High
tags: added: xmpp
Shashikiran H (skiranh)
information type: Proprietary → Public
Prabhjot Singh Sethi (prabhjot) wrote :

Please provide the setup details / ssl cert files (in use) to look at the issue.

Prabhjot Singh Sethi (prabhjot) wrote :

vtep cert for tor are signed using a different ca auth, due to which the SSL handshake fails
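
For triage, the TcpSessionMessageTrace line quoted in the description can be parsed and its numeric asio.ssl error unpacked. The sketch below is an added example, not part of the bug report or of Contrail's code. It assumes the OpenSSL 1.0.x error packing (8-bit library, 12-bit function, 12-bit reason); the helper names and the partial name tables are hypothetical.

```python
import re

# Constructed sample: the first line is the trace quoted in the bug
# description; the second is a made-up line that is not a handshake failure.
SAMPLE = [
    "2015-12-30 10:10:25.932 TcpSessionMessageTrace: Session "
    "10.204.216.72:9999::10.204.217.7:33528 > SSL Handshake failed due to "
    "error: 336105650 category: asio.ssl message: no certificate returned "
    "controller/src/io/ssl_server.cc 85",
    "2015-12-30 10:10:26.001 TcpSessionMessageTrace: Session up",
]

TRACE = re.compile(
    r"Session (?P<local>[\d.]+:\d+)::(?P<remote>[\d.]+:\d+) > "
    r"SSL Handshake failed due to error: (?P<code>\d+) "
    r"category: (?P<category>\S+) message: (?P<message>.+?) "
    r"(?P<src>\S+\.cc) (?P<line>\d+)$"
)

# Partial name tables using OpenSSL 1.0.x numbering (assumption: that is the
# library generation behind this 2015 build).
LIBS = {20: "SSL routines"}
FUNCS = {137: "SSL3_GET_CLIENT_CERTIFICATE"}
REASONS = {178: "no certificate returned"}

def decode_openssl_error(code):
    """Split a packed 1.0.x error into library, function and reason."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    return {
        "hex": "%08X" % code,
        "lib": LIBS.get(lib, "lib#%d" % lib),
        "func": FUNCS.get(func, "func#%d" % func),
        "reason": REASONS.get(reason, "reason#%d" % reason),
    }

def parse_trace(line):
    """Return endpoints plus decoded error, or None if the line is unrelated."""
    m = TRACE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec.update(decode_openssl_error(int(rec["code"])))
    return rec

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_trace(line))
```

The decoded function name places the failure in the server-side step that reads the peer's client certificate, so the certificate the peer presents and the CA file it is checked against are the first things to compare.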
