We are using AEM as content service and exporting AEM content into mobile application. For example below api will be used in mobile application and Mobile application will build the presentation layer.
/content/we-retail/us/en/products/women/shirts/jcr:content/root/content-tile.model.json
Here I basically want to authenticate AEM API before I serve the json response. In essence, I want to only accept requests from mobile applications. I should the request If anyone else calls AEM.
I am planning to use an SSL client certificate to confirm that the request is valid. I am confused who generates the SSL certificates. Is it something mobile application generates the certification and dispatcher use and add the certification. or the opposite way, AEM to generates the certificate and mobile application use
This is a little unclear. Could someone please explain to me who should create the certification file?
