Vipin_131018
May 15, 2017

convert SSL X509::serial_number into decimal

Hi Team,

I have an iRule to extract specific X509 information from the client certificate and pass it on to the servers. The iRule is working as expected, but the application has a requirement to convert X509::serial_number into decimal. Currently it is being sent in the default hex format. Below is the iRule I am using.

    when CLIENTSSL_CLIENTCERT {
        set ssl_cert [SSL::cert 0]
        set sn [X509::serial_number $ssl_cert]
        set subject [X509::subject $ssl_cert]
        set issuer [X509::issuer $ssl_cert]
        set valid_from [X509::not_valid_before $ssl_cert]
        set valid_to [X509::not_valid_after $ssl_cert]
        session add uie [SSL::sessionid] [list $sn $issuer $subject $valid_from $valid_to] 1800
    }

    when HTTP_REQUEST {
        set values [session lookup uie [SSL::sessionid] ]
        if { [lindex $values 0] != "" } {
            HTTP::header insert client_ip_address [IP::client_addr]
            HTTP::header insert client_cert_serial_num [lindex $values 0]
            # stored list order is serial, issuer, subject, valid_from, valid_to
            HTTP::header insert client_cert_subject [lindex $values 2]
            HTTP::header insert client_cert_issuer [lindex $values 1]
            HTTP::header insert client_cert_valid_from [lindex $values 3]
            HTTP::header insert client_cert_valid_to [lindex $values 4]
        }
    }

3 Replies

  • Anesh

    Try the below

    when CLIENTSSL_CLIENTCERT {   
    set ssl_cert [SSL::cert 0]   
    set sn [X509::serial_number $ssl_cert]
    set decimal [expr $sn]    
    set subject [X509::subject $ssl_cert]   
    set issuer [X509::issuer $ssl_cert]   
    set valid_from [X509::not_valid_before $ssl_cert]   
    set valid_to [X509::not_valid_after $ssl_cert]   
    session add uie [SSL::sessionid] [list $decimal $issuer $subject $valid_from $valid_to] 1800 
    }
    
  • Or try to include something like this. I think the example above will not work, because the hexadecimal representation of the serial includes the colon signs.

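    set fields [split $sn ":"]
    set sn_decimal 0
    foreach field $fields {
        # assumes each colon-separated field is one byte (two hex digits)
        scan $field %x decimal
        # shift the running value left by one byte, then add the new byte
        set sn_decimal [expr {$sn_decimal * 256 + $decimal}]
    }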
    
  • Hi,

    You can use this code:

    when CLIENTSSL_CLIENTCERT {
        set ssl_cert [SSL::cert 0]
        set sn_hex [X509::serial_number $ssl_cert]
        # remove useless characters
        set sn_hex [string map {" " "" ":" ""} $sn_hex]
        # convert hex to decimal (only valid while the value fits the interpreter's integer width)
        set sn [expr 0x$sn_hex]
    
        set subject [X509::subject $ssl_cert]
        set issuer [X509::issuer $ssl_cert]
        set valid_from [X509::not_valid_before $ssl_cert]
        set valid_to [X509::not_valid_after $ssl_cert]
        session add uie [SSL::sessionid] [list $sn $issuer $subject $valid_from $valid_to] 1800
    }
    
    when HTTP_REQUEST {
        set values [session lookup uie [SSL::sessionid] ]
        if { [lindex $values 0] != "" } {
            HTTP::header insert client_ip_address [IP::client_addr]
            HTTP::header insert client_cert_serial_num [lindex $values 0]
            # stored list order is serial, issuer, subject, valid_from, valid_to
            HTTP::header insert client_cert_subject [lindex $values 2]
            HTTP::header insert client_cert_issuer [lindex $values 1]
            HTTP::header insert client_cert_valid_from [lindex $values 3]
            HTTP::header insert client_cert_valid_to [lindex $values 4]
        }
    }
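
The `expr`-based conversions in the replies above only work while the serial fits the interpreter's integer width, and RFC 5280 allows serial numbers of up to 20 octets. The following is an added example, not code from any poster in this thread: a plain Tcl proc that converts the hex string to decimal with string arithmetic, so the length of the serial does not matter. The name `hex_serial_to_decimal` is hypothetical, the syntax is kept Tcl 8.4-compatible on the assumption that the iRule interpreter has no big-integer support, and it has not been tested on a BIG-IP.

```tcl
# Added example (plain Tcl, 8.4-compatible syntax); hex_serial_to_decimal is a
# hypothetical helper name, not an iRule built-in.
proc hex_serial_to_decimal {sn_hex} {
    # Drop the separators discussed in the replies (colons, spaces).
    set hex [string map {":" "" " " ""} $sn_hex]
    # Refuse anything that is not pure hex instead of forwarding a bogus value.
    if {![regexp {^[0-9A-Fa-f]+$} $hex]} {
        error "serial is not hexadecimal: '$sn_hex'"
    }
    # Decimal value kept as base-10000 limbs, least significant first, so every
    # intermediate product (at most 9999*16+15) fits easily in a 32-bit integer.
    set limbs [list 0]
    foreach h [split $hex ""] {
        scan $h %x carry              ;# value of this hex digit, 0..15
        set next [list]
        foreach limb $limbs {
            set v [expr {$limb * 16 + $carry}]
            lappend next [expr {$v % 10000}]
            set carry [expr {$v / 10000}]
        }
        if {$carry > 0} { lappend next $carry }
        set limbs $next
    }
    # Most significant limb is printed as-is, the rest zero-padded to 4 digits.
    set out [lindex $limbs end]
    for {set i [expr {[llength $limbs] - 2}]} {$i >= 0} {incr i -1} {
        append out [format %04d [lindex $limbs $i]]
    }
    return $out
}

# Constructed sample serials: a two-byte one and a 20-octet one.
puts [hex_serial_to_decimal "01:0A"]
puts [hex_serial_to_decimal "7F:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF"]
```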