Wednesday, 28 August 2013

SSL/TLS Client certificate Authentication using RewriteCond and Rewrite Rules to perceptively redirect traffic not authorized

I finally ended up writing here because I'm badly struggling with
Apache, SSL/TLS and a client-certificate authentication that should use
the certificate's serial number to restrict access to a specific API call.
Better to explain with some details:
The user must be able to access
https://{host}/apiv3xx/s?test without any problem or restriction, but for
the following URL,
https://{host}/apiv3xx/x?action=login&user=blablabla, a client certificate
is required in order to perform the call. I thought to implement the
following solution:
    <Location /apiv3xx>
        SetEnv api 1
        SSLOptions +StdEnvVars -ExportCertData
        SSLVerifyClient optional
        SSLVerifyDepth 10
    </Location>
and in addition some rewrite rules to control the logic:
    RewriteCond %{REQUEST_URI} ^/apiv3xx/ [NC]
    RewriteCond %{QUERY_STRING} action=log([^&]*)?(?=&|$) [NC,OR]
    RewriteCond %{QUERY_STRING} action=adm([^&]*)?(?=&|$) [NC,OR]
    RewriteCond %{QUERY_STRING} action=ctc([^&]*)?(?=&|$) [NC]
    RewriteCond %{SSL:SSL_CLIENT_M_SERIAL} !(01000000000140AAD72ACCXXXXXX|02000000000140BAD37F1XXXXXXX)
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
    RewriteRule (.*) - [F,L]
So... my problem now is simple: I'm not receiving any serial number from
the request and, logically, the conditions are not satisfied.
I've spun around the web for days searching for a solution and I found
only this old article (from which I eventually deduced my solution) but it
seems useless.
Does anyone have an idea how to solve this tricky and apparently
easy issue?
My apologies in advance if I'm bothering you with a request faced tons of
times... but I honestly didn't find much help around.
Cheers, Simone
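Added here as a check on the rule chain above, not part of the original post: a small Python model of the RewriteCond logic evaluated over constructed request environments (the serial values are the post's own redacted ones; the sample requests are made up). It shows that the public URL passes, that a protected action with no certificate data is refused, and that because the two negated conditions are ANDed, any certificate the server verified as SUCCESS passes even when its serial is not on the list.

```python
import re

# Serials from the post's allowlist; the trailing X characters are the
# author's own redaction and are kept as-is.
SERIAL_ALLOW = re.compile(r"(01000000000140AAD72ACCXXXXXX|02000000000140BAD37F1XXXXXXX)")
# The three [OR]-joined QUERY_STRING conditions collapse to one alternation.
PROTECTED_ACTION = re.compile(r"action=(log|adm|ctc)([^&]*)?(?=&|$)", re.IGNORECASE)
API_PREFIX = re.compile(r"^/apiv3xx/", re.IGNORECASE)


def rewrite_forbids(env):
    """Return True when every RewriteCond in the chain matches, i.e. when
    'RewriteRule (.*) - [F,L]' would answer 403.

    env maps the variables mod_rewrite reads (REQUEST_URI, QUERY_STRING,
    SSL_CLIENT_M_SERIAL, SSL_CLIENT_VERIFY); an unset SSL variable expands
    to the empty string, which is what the author observes for the serial.
    """
    if not API_PREFIX.search(env.get("REQUEST_URI", "")):
        return False
    if not PROTECTED_ACTION.search(env.get("QUERY_STRING", "")):
        return False
    serial_listed = bool(SERIAL_ALLOW.search(env.get("SSL_CLIENT_M_SERIAL", "")))
    verified = env.get("SSL_CLIENT_VERIFY", "") == "SUCCESS"
    # Two negated conditions joined by the implicit AND: the rule fires only
    # when the serial is NOT listed AND verification was NOT a success, so a
    # verified certificate with an unlisted serial is let through.
    return not serial_listed and not verified


# Constructed request environments, not captured from the author's server.
SAMPLE_REQUESTS = {
    "public": {"REQUEST_URI": "/apiv3xx/s", "QUERY_STRING": "test"},
    "login_no_cert": {"REQUEST_URI": "/apiv3xx/x",
                      "QUERY_STRING": "action=login&user=blablabla"},
    "login_listed_serial": {"REQUEST_URI": "/apiv3xx/x",
                            "QUERY_STRING": "action=login&user=blablabla",
                            "SSL_CLIENT_M_SERIAL": "01000000000140AAD72ACCXXXXXX",
                            "SSL_CLIENT_VERIFY": "SUCCESS"},
    "login_unlisted_but_verified": {"REQUEST_URI": "/apiv3xx/x",
                                    "QUERY_STRING": "action=login&user=blablabla",
                                    "SSL_CLIENT_M_SERIAL": "DEADBEEF",
                                    "SSL_CLIENT_VERIFY": "SUCCESS"},
}


def decisions():
    """Map each sample name to True (403 Forbidden) or False (request proceeds)."""
    return {name: rewrite_forbids(env) for name, env in SAMPLE_REQUESTS.items()}
```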
