Here is a code snippet that will check your installed certificates on Ubuntu (or other GNU/Linux) against the list on GitHub [1] specified by the article "Apple and Microsoft trust Chinese government to protect your communication" [2].
Use sudo dpkg-reconfigure ca-certificates or equal tools to remove them.
t=`tempfile` && \
wget -O - 'https://raw.githubusercontent.com/chengr28/AntiChinaCerts/master/README.md' 2>/dev/null \
| grep 'SHA-1' | sed 's%.* %%' > "$t" && \
for crt in `find /usr/share/ca-certificates /etc/ssl/certs -type f`; do \
sha=`openssl x509 -in "$crt" -fingerprint | head -n 1 |sed 's%.*=%%'|sed 's%:%%g'`; \
grep -q "$sha" -- "$t" && echo "$crt"; \
done | sort; \
rm -f -- "$t"
For Firefox you need to manually remove/distrust each certificate since it has its own built in certification store.