i thought we had a wiki page on this but i can’t find it for some reason. maybe not.
you need to have your browser present client certificate to the server so that tt-rss would be able to read its fingerprint and register it, unfortunately i’ve last used this feature years ago and i don’t remember the details.
maybe someone else here will chime in, otherwise i’m afraid you’ll have to investigate yourself.
tbh with modern browser vendors working to undermine user control of the trust chain i would expect support for custom CAs and certificates to dwindle or become more and more convoluted so this feature might as well be deprecated. this is my personal opinion though.
e: if you manage to figure it out with modern browsers and httpd i would appreciate a quick writeup for the wiki.