Hey Community! 
Check out this new guide by Rakesh Talanki | Navigating the Industry Shift in Client Authentication for Apigee mTLS
The mandatory removal of the Client Authentication EKU from Public CA certificates risks mTLS service continuity for all systems (like Apigee). Rakesh details the two strategies:
- Deploying a scalable Private CA, or
- Modernizing authentication with Demonstrating Proof of Possession (DPoP).
Read the full article now: Navigating the Industry Shift in Client Authentication for Apigee mTLS - Knowledge Hub - Google Developer forums