In the end I was able to find the solution myself, which I'll share below.
As mentioned in the post the Mendix server used a SSL certificate which is signed by an internal custom CA.
By default behavior custom/user-added CA's are disabled, unless explicitly allowed via the network security configuration of the APK. See, the documentation below for a more detailed explanation.
“By default, secure connections (using protocols like TLS and HTTPS) from all apps trust the pre-installed system CAs, and apps targeting Android 6.0 (API level 23) and lower also trust the user-added CA store by default.”
https://developer.android.com/training/articles/security-config#CustomTrust
The solution is as follows:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="false">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
<Application
android:networkSecurityConfig="@xml/network_security_config"
...
…