APM - certificate based authentication

Super old post, but here are some thoughts.

1. For mobile devices the certificate needs to be exported after validation of the mobile number. - Any suggestion on how this can be implemented. I found - Google Authenticator Token Verification, but can this be implemented in corporate environment?

Client certificate and Google Authenticator are generally different technologies (cert vs. one-time passcode). The client certificate, and private key, must be installed and accessible to whatever mobile application that needs it. Where that is depends on the mobile platform. For iOS, there's a central key store that Safari uses, but some applications actually have their own key stores.

1. The device certificate will expire after six months and then it needs to be renewed. - How I can add this in the access policy, will Client Cert Inspection function perform this or I need to put additional checks.

I want to first point out that a client certificate and a device certificate are different things. Device certificates are generally transparent to the user. As for expiration, that's a common problem often addressed by security policies and/or protocols like Simple Certificate Enrollment Protocol (SCEP).

Tiwang, are you looking for specific guidance on setting up client certificate authentication in APM, or something specific to mobile platforms?