So I have been trying to submit the technical add-on, but this TLS certificate issue is perplexing. We are using requests.post in my app to make API calls to our product server from Splunk. After the initial response from the App Review team, we added an option for the users to add a location to their own certificate which is then used in the requests.post.But the response that we have gotten from the App Review team is to "make sure you bundle your own CA certs as part of your app and pass the path into requests.post as an arg."Does that mean we set up a private CA, generate the certificate, and bundle it with the app?
Why do we still need to bundle the certificate when we have given it as an option to the end user?
Lastly, if we generate the certificate, can the same certificate be used by all app users? In our case, every customer has their own instance of our product just like every user has their own Splunk instance.