The solution is do not use .p12, just navigate with Chrome (with configured proxy on wifi) to http://charlesproxy.com/getssl and install downloaded .pem file.
I had exactly the same problem on my Nexus 5X running Android 7.0.
There was previously exported .p12 from Charles 3.11.5 (Help->SSL Proxying->Export Charles Root certificate and Private key). When I tried to install .p12 from phone (Settings->Security->Install from storage) it appears only under “User credentials” and never at “Trusted credentials”, and of course SSL with Charles proxy did not work.
The total “how-to” for Android 7.0 would be like that:
- Configure WiFi + proxy (how Charles requires it). Connect it.
- On device, navigate with Chrome to http://charlesproxy.com/getssl, accept request for download .pem, then press “open”, it launches “Certificate installer” app. Use it to install the certificate as “VPN and apps”.
- Put the attribute
android:networkSecurityConfig="@xml/network_security_config"
to<application>
at Manifest.xml - Create res/xml/network_security_config.xml with content from the first post (it is totally correct).
- Launch Charles and app and have fun.
P.S. Check date/time on the device. It should be correct.