![](/static/66c60d9f/assets/icons/icon-96x96.png)
![](https://lemmy.world/pictrs/image/8286e071-7449-4413-a084-1eb5242e2cf4.png)
If you are dead set on a specifically certificate-backed access control scheme, a VPN with the ability to use the hardware-backed certificate store (such as OpenVPN) is likely easier to set up as it is better supported on mobile devices and doesn’t require application-level support (i.e. everything is protected, not just the apps w/ mTLS support)
https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-android-keychain/
What part were you getting hung up on?