Gianluca_Nuzzo_
Oct 24, 2017

Client Self-Signed Certificate require and forward as header

  • Normal traffic hitting 443 is terminated and forwarded as a new session to the web servers
  • A specific URL should request a client certificate, with the validation performed on the backend server, accepting self-signed certificates received in a header

We have the following iRule implemented, but it is failing to successfully accept the self-signed certificate sent back after the renegotiation... Any idea how we can fix it?

Thank you

when CLIENT_ACCEPTED {
    set session_flag 0
}
when CLIENTSSL_HANDSHAKE {
    # Runs after each completed handshake, including the renegotiation
    if { [SSL::cert count] != 0 } {
        log local0. "Received client cert, releasing HTTP request."
        HTTP::release
    }
}
when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::uri]] {
        "/service" {
            if { [SSL::cert count] == 0 } {
                # Hold the request and renegotiate, asking for a client certificate
                HTTP::collect
                set session_flag 1
                SSL::authenticate once
                SSL::cert mode require
                SSL::renegotiate
            }
            # Pass the client certificate to the backend, base64-encoded
            HTTP::header insert X-ENV-SSL_CLIENT_CERTIFICATE [b64encode [SSL::cert 0]]
        }
        default {
            log local0. "No certificate needed for: [HTTP::uri]"
        }
    }
}
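
The backend half of the design described in the post, as an added example that is not part of the original post or of any F5 code: a Python check that takes the `X-ENV-SSL_CLIENT_CERTIFICATE` header and accepts a self-signed certificate only if its SHA-256 fingerprint is pinned. It assumes the header value is the base64 of the DER certificate (what `b64encode [SSL::cert 0]` is taken to produce); the function names, the pin set and `SAMPLE_DER` are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

HEADER = "x-env-ssl_client_certificate"  # header name set by the iRule, lower-cased
# Constructed sample: valid outer DER framing only, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)

class CertHeaderError(ValueError):
    """The forwarded certificate header is missing, duplicated or malformed."""

def der_total_length(der: bytes) -> int:
    """Return the encoded length declared by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise CertHeaderError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise CertHeaderError("bad DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def fingerprint_from_headers(headers) -> str:
    """headers: list of (name, value) pairs as received from the proxy."""
    values = [v for k, v in headers if k.lower() == HEADER]
    if len(values) != 1:                   # absent, or an extra client-supplied copy
        raise CertHeaderError("expected exactly one certificate header")
    try:
        der = base64.b64decode("".join(values[0].split()), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise CertHeaderError("header is not valid base64") from exc
    if der_total_length(der) != len(der):  # truncated or padded blob
        raise CertHeaderError("DER length mismatch")
    return hashlib.sha256(der).hexdigest()

def is_trusted(headers, pinned_fingerprints) -> bool:
    """True only if the forwarded certificate matches a pinned fingerprint."""
    try:
        fp = fingerprint_from_headers(headers)
    except CertHeaderError:
        return False
    return any(hmac.compare_digest(fp, p.lower()) for p in pinned_fingerprints)

if __name__ == "__main__":
    hdrs = [("X-ENV-SSL_CLIENT_CERTIFICATE", base64.b64encode(SAMPLE_DER).decode())]
    pins = {hashlib.sha256(SAMPLE_DER).hexdigest()}
    print(is_trusted(hdrs, pins))
```

The backend can rely on this header only if it is reachable solely through the BIG-IP and the proxy removes any client-supplied copy before adding its own, since `HTTP::header insert` adds a header without removing one already present.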