I’m strongly recommending that maintainers of openHABian remove the CA certs for WoSign and their partner StartCom. WoSign should be called WoeSign. They’re now distrusted by most of the browsers.
I think it would also be helpful to have some clear, step-by-step instructions that most anyone can follow who wants to remove questionable certs. That way I can immediately remove certs I’d rather not have from questionable sources like The Hong Kong Post Office, various CAs in China, etc.