The situation on Android is particularly unfortunate. The Android folks have decided that user-added CAs are not exposed to apps unless they explicitly opt in, so nothing works out-of-the box.
I personally don't see the threat model they are addressing, but of course there's the "nice" side effect that it stops a lot of privacy research.