We are working with a custom CA.pem, client certificate (.crt), and private key (.key) that need to be installed on Android devices managed by SOTI MobiControl.
We currently install the certificates using a profile via Configuration > Certificate, and this part works. However, when our Android application attempts to access the client certificate (e.g., via KeyChain or during an HTTPS request), the system prompt appears asking the user to allow access or select a certificate.
Our goal is to avoid any user interaction and access the certificate silently within the app.
Questions:
1. Is it possible to install the client certificate in a specific system store or trusted credential store where our app can access it silently?
2. Does SOTI MobiControl support installing certificates as Device Owner in a way that grants system-level access (without prompting the user)?
3. Can we specify the certificate alias during deployment, so the app can reference it directly via KeyStore or other Android APIs?
4. Are there any specific permissions or profile settings we need to apply in SOTI to allow background access to the client certificate?
Current Setup:
• Android devices are fully managed via SOTI (Device Owner mode)
• Certificate deployed using Configuration > Certificate profile
• Certificate alias is known and available in the app
• Access using Android KeyChain or KeyStore.getInstance("AndroidKeyStore") leads to a user prompt
We are looking for a secure and silent way to access client cert + private key for mutual TLS communication in our app.