Actually, web browsers do validate certs against their CA store.
MSIE, Edge and Chrome on Windows do use the system cert storage (certlm). Or shorter, through chrome://settings/security
Firefox does use its own internal cert storage.
Both look at who signed the cert you are trying to use, or the one that is presented to the browser as the server cert. And so the browser validates whether the server cert itself is valid, or whether it is signed by a "Trusted Root Certificate Authority" (in short, "CA"), as if it is, then trust is inherently applied also to certs signed by that CA.
And so you can have your own certs, issued/signed by your own CA, but then you have to add the cert of that Root CA to the Trusted Root CAs in every browser you'll use. MSFT does have a shortcut for domain members, as it could be pushed to workstations via GPO (but that's a bit out of scope here).
Tom xSilver, planet Earth, over and out!
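
The trust decision described in the post above can be reproduced offline with the openssl CLI. This is an added example, not part of the original post: the CA name, the host name `intranet.example.test` and the function names are constructed, and `openssl verify -CAfile` stands in for adding the root to a browser or system trust store.

```shell
#!/usr/bin/env bash
# Added example with constructed names; requires the openssl CLI.

# Build a private root CA and a server certificate signed by it in directory $1.
make_demo_pki() {
  local d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root: this is the certificate that must be placed in each trust store.
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Server key and CSR for a constructed host name.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=intranet.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:intranet.example.test\n' > "$d/srv.ext"
  # The root CA signs the server certificate.
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/srv.ext" -out "$d/srv.crt" 2>/dev/null
}

# chain_ok CERT [ROOT]: succeed only if CERT chains to a trusted root.
# Without ROOT only the default store is consulted; with ROOT it is trusted as well.
chain_ok() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

demo_dir=$(mktemp -d)
if make_demo_pki "$demo_dir"; then
  chain_ok "$demo_dir/srv.crt" && echo "default store: trusted" || echo "default store: NOT trusted"
  chain_ok "$demo_dir/srv.crt" "$demo_dir/ca.crt" && echo "root added: trusted" || echo "root added: NOT trusted"
fi
rm -rf "$demo_dir"
```

The server certificate is identical in both checks; only the set of trusted roots changes, which is why the root has to be installed in every store a client consults.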