System admins need to access each Issuer individually in order to update the certificates. For organisations with multiple issuers, this can be quite a task.
Rather than having to go into each Issuer to enable & select the default certificate, it would be easier to have the ability to control these at Org level; this way, all Issuers would inherit the default set at Org level, but would also be able to over-ride them locally. It would also be preferred if the standard certificates provided by Canvas could be disabled at Org level, to help Issuer admins navigate the available certificates easier, less clutter = better User exp.
