Provided you own the proxy, you let the proxy implement the certificate policy you decide upon? You would then have the browser only trust the certs that the proxy creates.