Thank you @NorthMcCormick and @gmarziou
@gmarziou, I had assumed this client certificate would be shared post app install - for example as of today, if the server SSL certificate is self-signed, one needs to install the profile in the device (as simple as emailing the certificate to yourself and installing it in the phone). My assumption is there will be a similar approach for client certificates (which could be wrong)
@NorthMcCormick, thanks for that link. I did come across it in my initial research but as you have said, it was not a particularly reassuring thread Given that it was 3 years ago, I was hoping this might have been addressed.