Forum Discussion

richard_lyonnel
Feb 06, 2015

Can anybody correct this iRule syntax? Thanks

    when CLIENTSSL_CLIENTCERT {
        if {[SSL::cert count] > 0}{
            set client_cert [SSL::cert 0]
            set CLIENT “[ join [string trim [string map { “—–BEGIN CERTIFICATE—–” “” “—–END CERTIFICATE—–” “”} [X509::whole $client_cert ] ] ] “” ]”
        } else {
            log local0. “no cert found during clientssl_clientcert”
        }
    }
    when HTTP_REQUEST {
        if { [SSL::cert count] > 0 } {
            set CLIENT “[ join [string trim [string map { “—–BEGIN CERTIFICATE—–” “” “—–END CERTIFICATE—–” “”} [X509::whole $client_cert ] ] ] “” ]”
            HTTP::header insert “NSClientCert” “—–BEGIN CERTIFICATE—– $CLIENT —–END CERTIFICATE—–”
        }
    }

2 Replies

  • Try this. You had some encoding issues it seems, and were missing a ]:

    when CLIENTSSL_CLIENTCERT {
        if { [SSL::cert count] > 0 } {
            # Keep the client certificate (index 0) for use in HTTP_REQUEST
            set client_cert [SSL::cert 0]
            # Strip the PEM markers and collapse the base64 body onto one line
            set CLIENT "[join [string trim [string map {"-----BEGIN CERTIFICATE-----" "" "-----END CERTIFICATE-----" ""} [X509::whole $client_cert]]] ""]"
        } else {
            log local0. "no cert found during clientssl_clientcert"
        }
    }
    when HTTP_REQUEST {
        if { [SSL::cert count] > 0 } {
            set CLIENT "[join [string trim [string map {"-----BEGIN CERTIFICATE-----" "" "-----END CERTIFICATE-----" ""} [X509::whole $client_cert]]] ""]"
            # Re-add the markers so the header carries the PEM on a single line
            HTTP::header insert "NSClientCert" "-----BEGIN CERTIFICATE----- $CLIENT -----END CERTIFICATE-----"
        }
    }
    
  • Jnon

    I realize this is an old thread, but I tried following this today, and wondered why the need to remove then add back in the BEGIN and END certificate rather than just do something like:

    
    HTTP::header insert "NSClientCert" [string trim [X509::whole [SSL::cert 0]]]
    
    to replace 
    
    set CLIENT "[join [string trim [string map {"-----BEGIN CERTIFICATE-----" "" "-----END CERTIFICATE-----" ""} [X509::whole $client_cert]]] ""]"
    HTTP::header insert "NSClientCert" "-----BEGIN CERTIFICATE----- $CLIENT -----END CERTIFICATE-----"
    
    

    I believe if you validate the [SSL::cert 0] at CLIENTSSL_CLIENTCERT, you don't need to add the insert header at the CLIENTSSL_CLIENTCERT and at HTTP_REQUEST, it seems redundant.
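
Added example (not posted by anyone in this thread, and not F5's own code): one way to forward the certificate from HTTP_REQUEST alone, clearing any client-supplied NSClientCert header first so the backend only sees a value set by the BIG-IP. The PEM markers are removed before the whitespace is collapsed because "BEGIN CERTIFICATE" contains a space that the join would also delete, and the collapse turns the multi-line output of X509::whole into a single header line. It assumes the client SSL profile requests a client certificate and that the backend expects the markers separated from the body by one space, as in the thread.

```tcl
when HTTP_REQUEST {
    # Remove any copy of the header sent by the client, on every request,
    # so a caller without a certificate cannot supply a forged value.
    HTTP::header remove "NSClientCert"

    if { [SSL::cert count] > 0 } {
        # X509::whole returns the certificate as multi-line PEM text.
        set pem [X509::whole [SSL::cert 0]]

        # Take the markers off first: they contain a space, and the
        # whitespace collapse below would turn them into "BEGINCERTIFICATE".
        set body [string map {
            "-----BEGIN CERTIFICATE-----" ""
            "-----END CERTIFICATE-----"   ""
        } $pem]

        # Split on whitespace (space, tab, CR, LF) and rejoin with nothing,
        # leaving the base64 body as one unbroken token.
        set b64 [join [split [string trim $body]] ""]

        # Put the markers back, separated from the body by single spaces,
        # which is the single-line form used earlier in the thread.
        HTTP::header insert "NSClientCert" \
            "-----BEGIN CERTIFICATE----- $b64 -----END CERTIFICATE-----"
    }
}
```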