Volley Request over https only works with Wifi (wl

Published 2019-04-15 03:27

Question:

Because I was instructed to ask about this issue in my own question, I'm doing this here.
See the original topic in which I first asked my question (now deleted).

I got stuck with the same problem, and unfortunately the author's answers aren't helpful.

To introduce my issue in a little more detail: I work with a self-signed certificate on my Tomcat 8 (v8.0.15) server on the internet with Java 8 (JDK 8u25). There I host my Java EE application, which is the backend for my Android application. The SSL connector of Tomcat works as it should. When I test the backend with a REST client I get the expected result.
I created the keystore with one certificate:

    keytool -genkey -alias tomcat -keystore tomcat.keystore \
        -storepass MYKEYSTOREPASS -keyalg RSA -keysize 2048 -validity 365

Then I extracted the certificate:

    keytool -export -alias tomcat -storepass MYKEYSTOREPASS \
        -keystore tomcat.keystore -file tomcat.cer

Lastly I created a new Keystore in the BKS format for my Android Application:

    keytool -import -alias tomcat -file tomcat.cer -keypass MYKEYSTOREPASS \
        -keystore tomcat.bks -storetype BKS -storepass MYKEYSTOREPASS \
        -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider \
        -providerpath $PATH_TO_BC_LIBRARY/bcprov-jdk16-146.jar

(As mentioned here, the "-export" and "-import" parameters are from previous releases but still usable, so you may also know these parameters as "-exportcert" and "-importcert".)

After finishing these steps I tried to connect and everything went fine, but only until I deactivated/left my WLAN connection. Then it did not work any more and threw "javax.net.ssl.SSLPeerUnverifiedException: No peer certificate".
I really do not understand this behaviour.

To shed a little more light on the Android side:
I used the classes/library from this tutorial in exactly the same way.

If something is missing, just comment and I will provide the info.

Thanks a lot in advance!

Answer 1:

While researching similar issues on Server Fault I got a hint about what else could be wrong: https://serverfault.com/questions/560733/why-isnt-tomcat-serving-the-correct-ssl-certificate I tried it out with the missing parameter "keyAlias", and it worked! The solution was finally, as Ogre_BGR suspected, a suboptimal Tomcat configuration. The connector looks like this:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="PATH_TO_YOUR_KEYSTORE"
           keystorePass="PASSWORD_FOR_YOUR_KEYSTORE"
           keyAlias="ALIAS_OF_YOUR_CERTIFICATE"
           maxHttpHeaderSize="8192"
           />

Tomcat silently picks the first key it finds in the keystore when no keyAlias is configured. This is mentioned in the docs here (at the bottom).

I hope that some day somebody will be glad to read this while having the same problem.

Thanks again @Ogre_BGR :)
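The answer above comes down to one fact: the certificate the client pins (the exported tomcat.cer) and the certificate Tomcat actually serves on port 8443 are not necessarily the same entry. The following is an added diagnostic, not code from the question or either answer: it loads the exported certificate (keytool -export writes DER by default, -rfc writes PEM), fetches the leaf certificate the server presents, and compares SHA-256 fingerprints, the same form keytool -list -v prints. Host, port and file path are placeholders; verification is deliberately disabled because the whole point is to see what a self-signed server serves even when it is wrong. Run it once from the Wi-Fi side and once from outside; two different "served" fingerprints means the two paths reach different listeners or certificates, and a served fingerprint that matches the keystore's other entry means keyAlias is missing.

```python
"""Compare the certificate a TLS server serves with a pinned keytool export.

Added example (not from the original question or answers). Assumes:
  - the pinned file is the output of `keytool -export` (DER) or
    `keytool -export -rfc` (PEM);
  - host/port/path are supplied by the caller and are placeholders here.
"""
import base64
import hashlib
import re
import socket
import ssl

# A PEM-encoded certificate, as written by `keytool -export -rfc`.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def cer_to_der(data: bytes) -> bytes:
    """Return DER bytes from a keytool-exported certificate (DER or PEM)."""
    match = PEM_RE.search(data)
    if match:
        # Strip line breaks inside the PEM body before base64-decoding.
        return base64.b64decode(b"".join(match.group(1).split()))
    return data  # already DER


def fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, as `keytool -list -v` prints it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_leaf_cert(host: str, port: int = 8443, timeout: float = 10.0) -> bytes:
    """Fetch the leaf certificate the server presents, in DER form.

    Verification is disabled on purpose: this is a diagnostic against a
    self-signed server and we want the certificate even when it is the
    wrong one. Never reuse this context for real traffic.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def served_cert_matches(host: str, port: int, pinned_file: bytes) -> bool:
    """True if the server serves exactly the certificate in the pinned file."""
    expected = fingerprint(cer_to_der(pinned_file))
    return fingerprint(fetch_leaf_cert(host, port)) == expected


if __name__ == "__main__":
    import sys

    # usage: python check_served_cert.py example.org 8443 tomcat.cer
    host, port, cer_path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    with open(cer_path, "rb") as f:
        pinned = cer_to_der(f.read())
    served = fetch_leaf_cert(host, port)
    print("pinned :", fingerprint(pinned))
    print("served :", fingerprint(served))
    if fingerprint(pinned) == fingerprint(served):
        print("MATCH")
    else:
        print("MISMATCH: check keyAlias in the Tomcat connector and the keystore contents")
```

Compare the "served" line with `keytool -list -v -keystore tomcat.keystore` on the server: if it matches an alias other than the one you exported, the connector is picking a different entry than you intended.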



Answer 2:

I think it is just a server configuration problem. I am not sure how Tomcat works, but probably it is similar to Apache, where you declare one virtual host for the "normal" requests (i.e. non-HTTPS) and one virtual host for HTTPS (which includes the SSL cert). Usually each virtual host is bound to one IP. It is quite possible that when you access your server via Wi-Fi you get some "internal" IP like 192.168.* and you configured your virtual host to bind to that IP.

When you access via 3G you go through the "public" network, and then the IP of the server is different, so the virtual host does not match, i.e. the SSL certificate is not used and you get "No peer certificate".

I suggest that you check the server configuration and logs and see how the server is accessed by either method.