you are trying to import a pkcs12 container with the private key into the android truststore for CA certs. That is not the correct place for a private key (only for certificates with the pubkey inside) and pkcs12 is probably the wrong format to try as it usually contains the private key.
Try to import cert.crt on android and see if that works.
the more probable reason is that your certificate is a self-signed server certificate and not a CA cert which is what android likely expects to import into its trust store... If that is the case, you need to create your own CA with openssl and import its CA root cert into android. Here is a guide... you can leave out the intermediate CA if you want to... https://jamielinux.com/docs/openssl-certificate-authority/
Yes do not place private keys on the user device. This shows a fundamental misunderstanding of how certificates work. The private key should exist in only one place, the web server.
When you initiate a SSL connection, the browser automatically gets the public part of the certificate. It is more secure to make an exception for this one certificate on one browser than to install a trusted CA. If someone obtains the private key to that CA, they can man-in-the-middle the entire Internet on you.
So if you do go the CA route it would not be unreasonable to make it a single use to sign one web server certificate then destroy the CA private key. If you install any unknown third party CA, Android will throw a constant big warning that your device is potentially insecure.
I just tried to install cert.crt on windows without converting it .pfx file and browser still accepts it. I don't understand then why OpenWRT is pointing to export .crt file to .pfx with private key included.
Anyway, I have tried to install cert.crt on Android device but i get:
"Private key required to install certificate"
I would really like to install OpenWRT certificate from my router on my Android device. Any other clues guys?