Webkit2 provides enhanced security, wherein TLS certificate validation failure is treated as a transport error by default, blocking any further operations.
This is because Webkit2 doesn’t allow self-signed certificates. Also, ciphersuites based on RC4 are not allowed when performing TLS negotiation, because it is no longer considered secure. This causes it to give “Unacceptable TLS certificate” error whenever it accesses a site that uses a self-signed certificate with a weak cipher.
Also, Webkit2 reads the certificates from the system cacerts path and there seems to be no option to make it look at a custom path or custom ca-bundle.