I would appreciate some help on the following questions I have:
 
- If I use TLS mutual authentication, do I still need a subscriber password or the TLS successful mutual session setup will assume that the client is "trusted" so it can register what it is asking to register?
 
- For large deployments, can I issue a single certificate and install it on all my telephone sets making them "trusted" to me or I need one certificate per telephone/subscriber?
 
- Anyway, can you share your "good practices" advises for large deployment?
 
- Finally, do you know any free softphone that implements mutual TLS authentication?
 
Thanks,
 
Moacir