When using a self-signed cert signed by an internal root CA, I was able to find a workaround by placing our org's root CA certificate in the trust store of the server running MediaWiki.
On CentOS 7:
cp internal_root_ca.crt /etc/ssl/
ln -s /etc/ssl/internal_root_ca.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust