How distribute client-wide certificate for mutual TLS?

  certificate, client, ssl, windows

We have Windows applications (C++/C#) that need to communicate to devices using TLS.
The requirement is that we need to use mutual TLS authentication.
The client certificate is not user specific but application and application version specific.

What is the best and secure way to distribute the client certificates?

  • Using Installshield installer to install cert in cert store?
  • If in cert store, using a application specific random password to secure?
  • Add it binary inside resource of the executable?

I am quite new to the certificate world, so any help or advice would be appreciated.

Source: Windows Questions