If you are only targeting Android devices you might be able to do the following.
Note, if you use iOS devices, I believe you would need another approach (use the certificate provider or perhaps share the keychain with another app that has the required cert in its keychain).
Getting Started with Kapsel - Part 8 -- AuthProxy
In the above article search for
On Android the application has access to the Trusted Certificates store. Because of this, it is possible to have the registration to the SMP server use the Logon plugin with mutual authentication without having to use Afaria or the X.509 Certificate provider interface.
The code would go in the device ready method of the file
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\plugins\com.sap.mp.cordova.plugins.fioriclient\www\fioriclient.js
var successCallback = function() { console.log("ABC Success") };
var errorCallback = function() { console.log("ABC Failure") };
sap.AuthProxy.startIntercepting(successCallback, errorCallback);
sap.AuthProxy.addHTTPSConversionHost(successCallback, errorCallback, "http://wdflbmd16880.wdf.sap.corp"); //change this to match your SMP server's fully qualified domain name
You would then need to also change the Fiori URL to use http when you enter the Fiori URL in the Fiori Client. The authproxy plugin can then intercept the request, handle the authentication challenge and then will make the call over HTTPS.
Regards,
Dan van Leeuwen