@Emil I found the error: the .pem file on my server only had the server certificate, not the intermediate nor the root. The Flic Hub was the only client so far to throw an error because of this. I added the missing certificates and now it works just fine.
On a related note: for people issuing self-signed certificates, you may want to add the option of switching off certificate validation (as you have in the ui).
old firmware (could not update myself)
with new firmware the 'sdk-switch' in the flic-app was turned off, by default
-> red dot in the sdk-login-screen
turning sdk-switch to on
-> green dot in the sdk-login-screen
-> login works!
@Emil Thanks for explanation.
I also managed to figure out what JSON structure is going for MDM under point 3.
Basically I export pairings from dev hub and if we use those buttons on managed hub I just paste "buttons pairings" json in to the field.