[mTLS] Support for Apple Watch

[baurmatt]

Preflight checks

• I am using the experimental mTLS feature
• I have reproduced this issue at least once after restarting the app

App platform

iOS

Device and app information

Model Name: iPhone 17 and Watch 10
iOS Version: 26.4.1
WatchOS Version: 26.4
App Version: 2026.4.0 (2026.1862)

Home Assistant environment

Home Assistant Core Version: 2026.4.3
Installation Type: Container
Host OS: Ubuntu
Reverse Proxy: Traefik
TLS Termination Point: Proxy

mTLS setup details

Client certificate source: mkcert
Client certificate format: PKCS#12
Certificate validity window: ? Long
Signing CA type: self-signed
Server cerificate issuer: mkcert development CA
Full chain served by server? yes

Failure symptoms

Exact error message shown in app:

Translated error: URLSessionTask failed with error: The server xxxxxxxx requires a client certificate.
When does it fail? On loading the notification picture
Frequency: Always
Time of most recent failure: This afternoon, UTC+1

Steps to reproduce

1. Get a notification containing a image/HLS

Expected vs actual behavior

Expected: Image is show
Actual: SSL error

Additional context

This is how the notification is send:

  - action: notify.mobile_app_iphone_von_matthias
    data:
      title: Saugroboter Vacum
      message: >-
        Die Reinigung wurde um {{ now().strftime('%-H:%M') }} Uhr erfolgreich
        abgeschlossen.
      data:
        image: /api/camera_proxy/camera.vacum_camera
        entity_id: camera.vacum_camera
        priority: high
        url: /lovelace/
        clickAction: /lovelace/
        channel: Valetudo Success

[baurmatt]

From #4417 (comment) I gathered that there might be even more missing than "only" fixing the bug shown above.