After even Apple fixed their software to reject certificates issued by Diginotar, Android is (one of?) the last platform that did not issue a fix. Given the fact that this whole affair started, because Google users' confidentiality was compromised by the Iranian government using a false certificate from DigiNotar, this is quite surprising.

Tired of waiting, I compiled an "update.zip" file with a modified certificate store. This store has no longer CA certificates from Diginotar and GlobalSign (the other company, whose CA's were compromised).

I took the liberty of including a fix that activates the IPv6 privacy extensions as well. The update.zip file is attached to this article and can be applied from any recovery ROM. I case you don't have a recovery ROM, take a look at ROM Manager from Clockworkmod. Root access is also a neccesary. The second attachment also contains my own CA certificate, which you probably don't need.