Always accept the identity of a valid stored certification
When a new certification is coming, if it has be checked to be valid and will be added to the certifications' sandbox of its issuer, then accept the certified identity.
In other words: bypass the identity sandbox restriction during the acceptance of a certification.