Hi,
I had a case opened with TAC regarding the same question and bellow is their answer :
Kindly note that I did a lab test to check if the matching criteria in the “Distinguished Name” is “AND” or “OR”, and I confirmed that the matching criteria is “AND”, please check below results from my lab:
à I have added “ISSURE-CN” that is matching the issuer in my certificate, and I was able to connect successfully.
à I have added extra “ISSUER-CN” that is not matching the issuer in my certificate to confirm the matching criteria , and the connection failed due to certificate error :”Certificate Validation Failure”.