I've investigated some bits. 

gst-plugins-bad uses the CURLOPT_CAPATH and CURLOPT_CAINFO environment variables
to find the certificate.
Ricardo, do you know some other knobs?

Looking at existing Guix packages, I found those:

- Curl:

--8<---------------cut here---------------start------------->8---
    ;; Note: This search path is respected by the `curl` command-line tool only.
    ;; Ideally we would bake this into libcurl itself so other users can benefit,
    ;; but it's not supported upstream due to thread safety concerns.
    (list (search-path-specification
           (variable "CURL_CA_BUNDLE")
           (file-type 'regular)
           (separator #f)                         ;single entry
           (files '("etc/ssl/certs/ca-certificates.crt"))))
--8<---------------cut here---------------end--------------->8---

- Feh:

--8<---------------cut here---------------start------------->8---
    (native-search-paths
     ;; Feh allows overriding the libcurl builtin CA path (unset in Guix)
     ;; with the same variable as the `curl` command line HTTP tool.
     (package-native-search-paths curl))
--8<---------------cut here---------------end--------------->8---

- Octave-cli

--8<---------------cut here---------------start------------->8---
    ;; Octave code uses this variable to detect directories holding multiple CA
    ;; certificates to verify peers with.  This is required for the networking
    ;; functions that require encryption to work properly.
    (native-search-paths
     (list (search-path-specification
            (variable "CURLOPT_CAPATH")
            (files '("etc/ssl/certs")))))
--8<---------------cut here---------------end--------------->8---

So my best bet would be to add the aforementioned variables to curl, and then do
a:

    (native-search-paths
     (package-native-search-paths curl))
     
from gst-plugins-bad or, if it does not work, from the individual web browsers.

I'll test this and report.

Thoughts?

-- 
Pierre Neidhardt
https://ambrevar.xyz/