For reference purposes: with old ca-certificates before version 3.71
$ pkg contents ca-certificates | grep DST_Root_CA
This certificate expired on Sep 30 2021.
The impact / result is that Squeak (smalltalk-80 on OpenIndiana) was unable to connect to the squeak.org website and code repository, over SSL (the website has a certificate signed by X3).
The LetsEncrypt website suggests to remove the certificate :
Meanwhile the issue was escalated to Mozilla:
Mozilla removed the X3 certificate from their NSS product from release 3.74.
The current release in OpenIndiana 3.75 does not have the expired X3 certificate any longer, so the issue is now fixed.