If the backend isn't a Self Signed Cert and has had a Cert Authority sign their certs, then you can trust the signer. Usually this guy is valid for a few more years compared to the server certificate itself.
Make sure the signing cert is in your trust store ( i.e. 'Manage Certficiates' ) and make sure in the 'OPTIONS' that this guy is used for 'Outbound SSL Connections' and in the 'Validation' tab, that this 'Certificate is a trust anchor'.
What this means is, that any cert that is immediately signed by this Trust Anchored Cert, will automatically be trusted, as we trust the signer.
So, going further, any cert/private key that is deployed on your backend will be trusted, as long as those certs were signed via the signing cert we configured to be a 'Trust Anchor'.
hope this helps,
Doyle