Comment 3 for bug 487845

I can see where you're coming from, but I think it would be less confusing to the user if local certificates were handled just the same as system-bundled ones. I wouldn't see it as a good thing if the procedure for enabling/disabling a certificate differed depending on whether it were locally-installed or not.

That aside, the symlinks in /etc/ssl/certs/ are generated based on the multiselect list, so the local certificates aren't getting in there anyway.