The one from the browser should be enough I think.
There must be some random sites out there that use not out-of-the-box valid certificates. You could try the same on such a site to do the same and just get the page contents through the http plugin to see if it works.
For example I found now:
- ok certificate, but using uncommon CA https://www.vulcano.cl/
- self signed https://rover.secure64.com/