Thank you very much for your feedback
Yes, with CA bundle, I mean system's trust store inside the app containing root certificates, which app trusts.
My current config contains:
ISRG Root X1 (Not After: Jun 4 2035 GMT) - Root cert
ISRG Root X2 (Not After: Sep 17 2040 GMT) - Root cert
DST Root CA X3 (isrg-root-x1-cross-signed) (Not After : Sep 30 2024 GMT)
I'm confused now, because everywhere, I read that long chain is recommended for most websites/services. But I did not find any information about what certificates are recommended to be part of the trust store.
Here Correct ca bundle to use - #14 by rg305 for example, I read some conflicting opinions. However based on your feedback, if I understand it correctly, every trust store should contain only ISRG Root X1 and ISRG Root X2 and nothing else
So, if my trust store will contain only these 2 root certificates:
ISRG Root X1 (Not After: Jun 4 2035 GMT) - Root cert
ISRG Root X2 (Not After: Sep 17 2040 GMT) - Root cert
Will be support for old Android devices still ensured ?