Too Long; Didn't Read
The procedure to trust a specific certificate (self-signed for example, or with another CA which is not part of a public chain) on a server requires access to <code class="markup--code markup--p-code">/etc/ssl/certificates</code> (root access) or an option in your favorite command-line interface tool to provide a different certificates storage. <code class="markup--code markup--p-code">socat</code> does not provide such option (yet).