This is a follow up question related to this answer.
In short: I am importing the self signed Root CA certificate into android system via
Settings -> Security -> Trusted Credentials -> install from SD
path slightly differs on different android versions.
Then point any browser (tested with Firefox, chrome and opera) to the secure (java script based) resource and I receive a socket error. The resource is an index.html with js web-socket logic to securely connect to a mosquitto broker.
If I on the other hand point the browser to "https://myserver:<mysecure port>"
I receive a privacy warning, can continue unsafe and this somehow sets a cookie or other storage thing thus I am able to do future requests over the js based secure resource.
It feels, that browsers on android do not make use of the system's user imported CA certificates although they are listed in the trusted certificates "user" tap and in the trusted credentials area.
Tested with android 7.1.2 and 10. All desktop browsers work fine, tested on ubuntu / mint & raspi.
How to accomplish browser based TLS requests on android without accepting unsafe privacy risks?
Additional test:
I've tested the same thing on a ios 13.3 IPhone 7, importing the CA certificate, putting the secure resource on a proper web space since local file access isn't possible on ios. Worked out of the box.
So it seems to be a real android issue. It might make sense to put this question to an android space. Could someone make a suggestion please?
Further research:
Here is a detailed explanation, on how to get a custom certificate into the system's certificate section. But to be honest, that's not a usual way to go. Root access is not for ordinary mortals plus it might not work for more recent android versions.
User certificates are for android applications written by your own. You can have a view lines of property settings in app.config to work with your self signed user certificates.
Chrome browser and others on the other hand are kind of system applications or applications from vendors not being made to be aware of specific user certificates. And that's the only valid reason, why it will not know of certificates in the user section. It only knows of system certificates.
So the only way remaining, seems to be making your own application or somehow recompile a whole browser application configuring it to look for user certificates.
This is quite cumbersome and unsatisfying, since the web would give you all you need on any device, except android of course, which forces a detour.