This introduces a decision your typical user is not competent to make ("should I enable this setting?") and yet another error message they will quickly learn to ignore.
I agree. But imho this is no reason to not include the suggested feature.
There are so many settings and warnings that a common user does not understand. This new one would not scare any users away I guess. They will just ignore it.
I would be very happy to notice that my browser suddenly uses a different certificate to validate the certificate of one of my servers.
Yes, it should be similar to disabling cookies or javascript. Or tinkering with other options. A default for the "normals" but power to people who know what they are doing.