In iOS, in order to get HTTPS working with certs from a private CA; there’s another step you need to do if your users are on iOS 10.3 or newer (statistically: yes this matters to you). In order to do this:
Please understand that by doing this, users will potentially be vulnerable to a HTTPS man in the middle attack a-la Superfish. Please ensure that you have appropriate measures in place to keep the signing key for the CA safe.
I hope this helps.
This article was posted on 2019-03-22. Facts and circumstances may have changed since publication. Please contact me before jumping to conclusions if something seems wrong or unclear.