I have an REST API written in Spring Framework. I want to implement mutual TSL authentication. I know that server has a certificate and client should also have one, but the first question is where does he get it from? Second question would be how to make my API and Android App use it?