The end user certificates are used to sign/encrypt/decrypt and can be
assigned to users the and intermediate CAs should be handeled like the
root CA, so it is a "sort-by-function" thing...
Would it be acceptable to only store "trusted" intermediate CAs for
which we have a root CA and store them along with the roots??
The system need to make a distinction between roots and non-roots.
Djigzo is designed to make it scale to large numbers of certificates (it
has been tested with more than 40.000 certificates). To make it scalable
the roots need to be stored separately. That however doesn't mean you
can visually show it differently to the user. I however like the roots
the be separately shown because whether you trust a root or not is
What perhaps can add is a filter that allows you to filter on
intermediate certificates or end-user certificates. When selecting an
encryption certificate for a user only end-user certificates are shown
Djigzo open source email encryption