Awesome, thanks for clarifying there!
I suspect the second item makes sense to you (given your response)? That is talking about your application logging data access, who has visited, what they saw, etc. You probably want to do this somewhere external to the app itself (i.e. via another API request, writing to a database, etc.) since shinyapps.io logs do not have great persistence.
As for the first item, it seems a bit strange to me that this request is being made, since this is something the browser usually takes care of for you as a part of the browser session management. My understanding of how SSL/TLS works is that the certificate is verified as a part of the startup process, and then a session token is created / encrypted using that certificate so that future communications can be had without re-verifying the certificate (although all future communication is encrypted using the session token, so communication is still secure).
It would be good to understand the attack vector that is in mind here, as the existence of a valid certificate is usually sufficient to trust that TLS is encrypting properly (although sometimes there is a desire to enforce a certain level of TLS encryption or version). Each new browser session / connection verifies the certificate and creates a session token, which is then used for the duration of the session.
This is articulated more clearly here, I think: