Thank you, that is actually a professional approach, i must do that. In the mean time I found an opera://flags#allow-insecure-localhost flag, but I'm not sure it works for sites other than your localhost.
At the moment I successfully tested with the --ignore-certificate-error argument for path\launcher.exe of Opera.
Even with the wireshark approach, my fear is that there may be more than 1 CA contacted by the browser before it loads the webpage, which would mean more holes in the firewall as number of pages with different CA gather. (or just my thought on this).
Anyway thanks for your help.
All the best!