I ensured that the client side ssl profile did "ignore" requests for client certificates. I then ensured the on-demand cert auth requested a client certificate which works (I see my machine presenting certificate). I then created another on-demand cert auth with a require option for client certificate. I then created the branch rules below on the second on-demand cert auth. The first works as expected but when trying to acquire subject, common name, issue, etc...this fails. I am stomped.
Thanks Kris
expr { [mcget {session.ssl.cert.cn} ] contains "myName" }
this fails. Not finding common name and ensured case matched. I also tried ensuring lower case with [string tolower [mcget {session.ssl.cert.name}]]
expr { [mcget {session.ssl.cert.exist} ] == "0" }
this passes and allows access. Client cert exists