Force SSL authentication for non-web applications

If I may add, it would generally depend on the protocol. Many applications that support SSL and client certificate authentication will usually layer the SSL over the underlying protocols, so you could certainly offload the SSL and consume the client cert using a TCP-based virtual server. Doing anything intelligent with the underlying protocol itself, if required, would depend on that protocol.

As Hamish says, APM would be a good choice for SSL authenticating HTTP-based applications, and also SSL authenticating an SSL VPN tunnel for other applications.