BUG: NekoBox for Android does not trust certificates from personal certificate store
Describe the problem
NekoBox for Android does not trust certificates from non-public certification authorities whose root certificate is installed in the personal certificate store.
I use AdGuard Home and want to use it as a DNS-over-HTTPS server. I issued a certificate from a personal certification authority (similar to what is described at https://www.baeldung.com/openssl-self-signed-cert) and use it on AdGuard Home. When using the DNS-over-HTTPS server https://192.168.0.2/dns-query, I get an error in NekoBox: "tls: failed to verify certificate: x509: certificate signed by unknown authority".
However, browsers that know how to use a personal certificate store (such as Google Chrome, Microsoft Edge, etc.) trust this certificate.
Expected behavior: NekoBox for Android uses https://192.168.0.2/dns-query as a DNS-over-HTTPS server without errors if the CA certificate is imported into the personal certificate store
Actual behavior: NekoBox for Android uses https://192.168.0.2/dns-query as a DNS-over-HTTPS server with the error "tls: failed to verify certificate: x509: certificate signed by unknown authority"
How to reproduce
- Issue a certificate of the certification authority and a server certificate.
- Install the server certificate on AdGuard Home.
- Import the certificate of the certification authority into the personal Android certificate store (it is impossible to import into the system certificate store without root privileges).
- In NekoBox for Android, in the Remote DNS and Direct DNS parameters, specify the AdGuard Home DNS-over-HTTPS endpoint.
Provide helpful screenshots, videos, text descriptions, subscription links, etc.
I'm not sure if the problem won't be reproduced when using the system certificate store and have no way to check.
+1. Can't get profile from subscription because of certificate x509 error