diff --git a/sort_certificate.py b/sort_certificate.py
index db26b60..03305ac 100755
--- a/sort_certificate.py
+++ b/sort_certificate.py
@@ -187,11 +187,12 @@ def find_intermediate_root(x509_objects, root_issuers):
 '''
 # Some intermediates have the *same* subject as some root certificates.
- # blacklist them
- # XXX better use pubkey/hash for that, but can't find the appropriate
- # interface to that at the moment
+ # blacklist them if their issuer and subject name is present in the root
+ # bundle
 excluded_issuers = [str(x.get_subject()) for x in x509_objects
- if x.get_subject() != x.get_issuer()]
+ if x.get_subject() != x.get_issuer()
+ and str(x.get_issuer()) in root_issuers
+ and str(x.get_subject()) in root_issuers]
 logging.debug('Known root issuers\n\t%s', '\n\t'.join(root_issuers))
 logging.debug('Excluding issuers because of potential intermediates\n\t%s',
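Review bot: The new filter in `excluded_issuers` still identifies certificates by the string form of their subject and issuer names, and the commit drops the XXX comment that recorded this as a known weakness. Distinguished names are not unique identities: two certificates with different keys can carry the same subject, so this list is an ordering heuristic and says nothing about whether a signature actually chains to the root bundle. I would keep a short comment above the comprehension, for example `# NOTE: name-only match; compare public keys or key identifiers if this ever feeds a trust decision`, and since `root_issuers` is tested twice per certificate, converting it once with `root_names = set(root_issuers)` keeps the lookups cheap if it is a list. The body of find_intermediate_root starts and ends outside this hunk, so how `excluded_issuers` is consumed is not visible here.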