Set up the issuer info for CAs you want to mark as insecure here (as matching substrings). Erase field and save to remove.
As per MDN: For example: "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US".
+