How do I update my root certificates on an older version of Mac OS (e.g. El Capitan)?

I have difficulty reaching various secure web sites. They give me a certificate expired error. They work on Firefox but not Safari or Chrome. They also work on newer versions of macOS (e.g. Catalina, Big Sur). This seems to be because Safari and Chrome use the OS root certificate store and Firefox uses its own, and El Capitan is not being updated. From here there are: * Trusted certificates establish a chain of trust that verifies other certificates signed by the trusted roots — for example, to establish a secure connection to a web server. When IT administrators create Configuration Profiles, these trusted root certificates don't need to be included. * Always Ask certificates are untrusted but not blocked. When one of these certificates is used, you'll be prompted to choose whether or not to trust it. * Blocked certificates are believed to be compromised and will never be trusted. There is a list of fingerprints of the current certificates there, but no downloadable bundles of certificates. How do I update my root certificates on an older version of OS X 10.11