Thread: Suggested roadmap for updating OpenSSL on Fremantle
jonwil, 2015-12-30, 03:45 (post #26)
Posts: 567 | Thanked: 2,966 times | Joined on Oct 2009
Ok, my suggestion for how to proceed with updating the certificates is as follows:
1. Take certdata2pem.py from the Debian ca-certificates package
2. Modify certdata2pem.py so it spits out files named as required for Maemo (creating files in either the blacklist or common-ca directories as appropriate as well as adding the certificates to certman.blacklist and certman.common-ca files via cmcli)
3. Run the result on the certdata.txt as of mozilla-central commit 2432457fa32b (which should match the fc21ae95be7f44189be2360d445f4fe3f10ab712 commit in maemo-security-certman)
4. Make sure the output matches the fc21ae95be7f44189be2360d445f4fe3f10ab712 commit in maemo-security-certman (this will verify that there are no special certs in there that Maemo has but Mozilla does not as well as verifying that we get the expected output from the modified python script)
5. Run the script on the latest certdata.txt from Mozilla.
6. If step 4 showed any special certificates that are only found in Maemo (or for that matter, any certificates Mozilla no longer trusts but that Maemo needs to trust for some reason), add those manually
7. Verify that it correctly blacklisted the certificates from maemo-security-certman 0be038825a98dae2d80fd411a02cb4c86ed1b36a and correctly ordered the certificates from maemo-security-certman 2cbd96e89d7529e1ce25801824fb76f39b05b836
8. Stick all the results into Git and the new maemo-security-certman into CSSU
9. Stick the tools and notes into Git somewhere so we can keep maemo-security-certman up to date with the latest Mozilla certs going forward
I would do this except I don't know the first thing about Python...
Or of course we can try and track down Juhani Mäkelä and ask him to share whatever tools and tricks he used to update the certificates :P
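The sorting that steps 2 and 7 of the post depend on, as an added example (not code from the post and not Debian's certdata2pem.py): it parses certdata.txt objects and puts each certificate in a `common-ca` or `blacklist` bucket according to its server-auth trust record, keyed by SHA-256 of the DER so the result can be compared with an existing tree. Assumptions: trust records are matched to certificates by `CKA_LABEL`, trust values use the `CKT_NSS_*` spelling, and the trust-to-directory mapping is illustrative; Maemo file naming and the cmcli calls are left out.

```python
import hashlib
import re

# Assumption: NSS server-auth trust value -> directory name used in the post.
BUCKET = {"CKT_NSS_TRUSTED_DELEGATOR": "common-ca", "CKT_NSS_NOT_TRUSTED": "blacklist"}

def parse_objects(text):
    """Return one attribute dict per certdata.txt object (each starts at CKA_CLASS)."""
    objs, octal = [], None
    for line in text.splitlines():
        parts = line.split(None, 2)
        if octal:  # inside a MULTILINE_OCTAL value, which is terminated by END
            chunk = re.findall(r"\\([0-3][0-7]{2})", line)
            objs[-1][octal] += bytes(int(o, 8) for o in chunk)
            octal = None if line.strip() == "END" else octal
        elif len(parts) >= 2 and not line.startswith("#"):
            if parts[0] == "CKA_CLASS":
                objs.append({})
            if not objs:
                continue  # header lines before the first object
            if parts[1] == "MULTILINE_OCTAL":
                octal, objs[-1][parts[0]] = parts[0], b""
            else:
                objs[-1][parts[0]] = parts[2].strip('"') if len(parts) == 3 else ""
    return objs

def classify(text):
    """Return {'common-ca': {sha256: label}, 'blacklist': {sha256: label}}."""
    objs = parse_objects(text)
    trust = {o["CKA_LABEL"]: o.get("CKA_TRUST_SERVER_AUTH")
             for o in objs if o["CKA_CLASS"] == "CKO_NSS_TRUST"}
    out = {"common-ca": {}, "blacklist": {}}
    for o in objs:
        bucket = BUCKET.get(trust.get(o.get("CKA_LABEL")))
        if o["CKA_CLASS"] == "CKO_CERTIFICATE" and bucket:  # other trust values: skipped
            out[bucket][hashlib.sha256(o["CKA_VALUE"]).hexdigest()] = o["CKA_LABEL"]
    return out

# Constructed sample: placeholder bytes, not a real certificate.
SAMPLE = r'''BEGINDATA
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Constructed Root A"
CKA_VALUE MULTILINE_OCTAL
\060\003\001\002\003
END
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Constructed Root A"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
'''
```

Running `classify` over the old and new certdata.txt and comparing the two fingerprint sets per bucket shows which certificates moved, appeared or disappeared between the two Mozilla revisions.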