Android: Allow use of private CAs, not just the system store's public CAs - client certs to filter traffic

I wanted to filter traffic to the server through a reverse proxy using two-way SSL/client certificates, on top of the regular login + 2FA auth. It already works with the exception of the Android app because, from what I have pieced together anyway, by default Android apps only accept/use the system store with public CAs unless they are explicitly configured to allow the user store.

From another app with a similar issue on GitHub:

The Android manifest file must contain a reference to a networkSecurityConfig file:


…and this file’s content will explicitly say that it looks up certificates not only in the system store but also in the user one:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <base-config><trust-anchors>
    <certificates src="system" />
    <certificates src="user" />
  </trust-anchors></base-config></network-security-config>

Then one can filter traffic to the reverse proxy with more control than an IP address alone gives, and without the additional cost of buying a certificate from a public CA.
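For comparison, here is an added example of a complete network security config (written for this thread, not taken from the post or from the GitHub app it cites) that trusts the private CA for the reverse proxy host by bundling the CA certificate in the app, instead of trusting every user-installed CA in release builds; the host name vault.example.com and the resource names res/xml/network_security_config.xml and res/raw/private_ca are assumptions.

```xml
<!-- res/xml/network_security_config.xml (assumed path); referenced from AndroidManifest.xml as
     <application android:networkSecurityConfig="@xml/network_security_config" ...> -->
<network-security-config>
    <!-- Default for every other host: public system CAs only, no cleartext. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Only the reverse proxy host (assumed name) is validated against the private CA.
         The CA certificate (PEM or DER) is bundled as res/raw/private_ca (assumed name),
         so a release build never has to trust arbitrary user-installed CAs.
         trust-anchors here replace the base-config anchors for this domain, so the
         proxy's certificate must chain to the private CA and nothing else. -->
    <domain-config>
        <domain includeSubdomains="false">vault.example.com</domain>
        <trust-anchors>
            <certificates src="@raw/private_ca" />
        </trust-anchors>
    </domain-config>

    <!-- Development convenience only: also trust the user store for test CAs.
         Android applies debug-overrides only when android:debuggable="true". -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```

Note that this file only governs which CAs the app accepts for the server's certificate; presenting the client certificate that the proxy requests is handled separately in the app's TLS code (for example via the Android KeyChain API).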