It would be great if certificates for LDAP and SMS Gateway would import and update automatically when the provider is updating theirs. Then there would be no worries missing out and having a stand-still in those services. Thank you
I could see this as potentially dangerous to just trust whatever is coming in. Think man-in-the-middle attacks.
SSPR/PWM used to have a promiscuous SSL mode but was taken out for this specific reason I believe. Is it a pain in the butt to remember to do this? Sort of. Is it better to just log in and reimport the certificate when it's changed which takes 1 minute? Yes.
Just my 2 cents.