I want to disable CAs that are under control of a country that's waging war against mine, how can I do it? I see one right away. The question still stands even if you are convinced there are none, it's not about whether there are matching CAs.
sudo dpkg-reconfigure ca-certificates
Doesn't show the Yandex CA that's listed on about:certificate
page in Firefox and there is no way do disable it there, unfortunately. It was issued by Unizeto Technologies S.A.
, Poland and this one is listed in the ca-certificates
list.