Getting SSL handshake failed for Charles Proxy certificate on iOS even after granting full trust

I am constantly getting

> SSL handshake with client failed - Remote host terminated the
> handshake

error in Charles Proxy from iOS 16.1, which should indicate that certificate isn't trusted, but I granted full trust in the iPhone settings.

Here are steps to reproduce:

1. Download and install Charles Proxy on macOS and enable SSL Proxying. HTTP proxy port is set to 8888
2. On iPhone, in wifi settings enable manual proxy and enter the computer's IP and port 8888
3. Then dialog will appear in Charles Proxy on which need to click "Allow"
4. On iPhone go to chls.pro/ssl in order to download the certificate
5. In iPhone's settings install a new profile with a certificate.
6. Then in Settings -> General -> About -> Certificate Trust Settings set the switch for the certificate to on.

I can see requests in Charles Proxy but they all are with SSL handshake error. Also, Safari on iPhone returns the error "This Connection Is Not Private"

Can someone explain what am I doing wrong?

Here is the screenshot from the Certificate Trust Settings.

Finally, I found the problem. In my case, it was an expired certificate. In order to fix it, it is necessary to go to Help -> SSL Proxying -> Reset Charles Root Certificate.... It will generate a new one. Then it is needed to install it and grant trust to it.

I wasn't noticing it because before I was working only with Android and it didn't check if a certificate was expired, unlike iOS.

Because I wasn't been able to find any troubleshooting checklist for similar situations I will mention it here. Hopefully, it will help somebody:

1. Make sure that Enable SSL Proxying is enabled in Proxy -> SSL Proxying Settings...
2. Check that the Exclude list doesn't contain the locations that you are trying to record.
3. Check that Proxy -> Record Settings doesn't have unneeded excludes or includes
4. Check if your target device is connected to the same wifi point as a computer.
5. Check if the wifi proxy on the target device is enabled.
6. Check if the wifi proxy on the target device is working. It is possible to check by entering incorrect proxy IP and trying to access the internet through a browser. If the proxy is working there will be no access to the Internet. (Note: at the time of writing this answer some iPhones with iOS 16 do have not a working proxy. More info here)
7. Check if the proxy is configured with the correct IP and port
8. Check if the target device has Charles's certificate installed
9. Check if the target device trusts Charles's certificate
10. Check if Charles's certificate isn't expired. If it is, go to Help -> SSL Proxying -> Reset Charles Root Certificate... and reinstall the certificate.
11. (for Android) Check if the target app has network_security_config.xml referenced in AndroidManifest.xml

Updating to the latest version of Charles (4.6.4 at time of writing) fixed the issue for me.

If your issue was expired certificate on iOS device, make sure to restart charles app itself after you re-create a new certificate.

1. Help -> SSL Proxying -> Reset Charles Root Certificate...
2. Follow the guide in the help box to navigate to chls.pro/ssl
3. Install the certificate
4. Enable the trust settings in Settings -> About -> Certificate Trust Settings -> Toggle new certificate on
5. Restart Charles app