Starting from Android 7 Nougat, applications must explicitly trust user-installed certificates for them to be effective. To bypass this, we can install our own root certificate in the system certificate store.
Requirements: the phone must be rooted.
Step 1: prepare the certificate
If the certificate is DER (e.g. exported from Fiddler), convert it to PEM. Its name can be generated with OpenSSL. Below is a PowerShell script that does all.