S/MIME: define/revoke trust for non-public CAs and/or individual certs etc

Dear all
This is my very first post here - pls. feel free to guide me if indicated

I’ve just started evaluating Mail3.5.5 @NC26.0.11,PHP8.2.15,MariaDB10.6.16 in order to replace my non-Browser Clients in many cases.

Could somebody pls. share some experience how to define/revoke trust for non-public CAs and/or individual eMail-recipients’ certificate(s) as well as to untrust some specific public CAs?

Thanks and regards

answered for CAs by S/Mime certificate does not encrypte/sign messages · Issue #8552 · nextcloud/mail · GitHub

… but for individual certs i’m still confused if I would need to import each single one using “mail-app” or if it is possible to fetch from CardDav (RFC 6350 - vCard Format Specification)