diff --git a/src/security/certstore.cpp b/src/security/certstore.cpp
index 9985bc72393fe77235abd81d3bd9fee50181e330..52ea5690f871d270c5d0f4797a460bb4726e1e69 100644
--- a/src/security/certstore.cpp
+++ b/src/security/certstore.cpp
@@ -511,7 +511,8 @@ TrustStore::isAllowed(const crypto::Certificate& crt, bool allowPublic)
     // Match by certificate chain
     updateKnownCerts();
     auto ret = allowed_.verify(crt);
-    if (not ret) {
+    // Unknown issuer (only that) are accepted if allowPublic is true
+    if (not ret and !(allowPublic and ret.result == (GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_FOUND))) {
         RING_WARN("%s", ret.toString().c_str());
         return false;
     }