Comment 8 for bug 290485

hehe, I was thinking the same thing about the Chinese Post office (!mozilla/Hongkong_Post_Root_CA_1.crt) :) I looked at the wiki URL you pasted though, but it seems a little old and dated. We appear to be long past the point where they were deciding to include it or not, it would appear.

Anyways, a quick check in my /etc/ca-certificates.conf show it is enabled:
cacert.org/cacert.org.crt

The cert seems to be activated and installed just fine. The problem is that this cert is useless ever since the gnutls patch mentioned above that refuses all certs that used md5 instead of sha1, which this is affected by.

A quick check of their wiki shows their Class 1 cert signed MD5 still though:
  https://wiki.cacert.org/Roots/StateOverview

hmm, perhaps I should email them as inquire what might be causing them to only use md5+sha1 root cert instead of just sha1. There might be some technical or political problem preventing them from solving this properly.

Anyways, thanks for quick reply. o/