I’m strongly recommending that maintainers of openHABian remove the CA certs for WoSign and their partner StartCom. WoSign should be called WoeSign. They’re now distrusted by most of the browsers.
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
I think it would also be helpful to have some clear, step-by-step instructions that most anyone can follow who wants to remove questionable certs. That way I can immediately remove certs I’d rather not have from questionable sources like The Hong Kong Post Office, various CAs in China, etc.
Thanks!