diff --git a/rendezvous-server/src/handlers_to0.rs b/rendezvous-server/src/handlers_to0.rs
index 5775d0b0d..5ee2a602a 100644
--- a/rendezvous-server/src/handlers_to0.rs
+++ b/rendezvous-server/src/handlers_to0.rs
@@ -136,8 +136,15 @@ pub(super) async fn ownersign(
         }
         Some(v) => v,
     };
-    //let device_pubkey = match device_cert_chain.verify_from_x5bag(&user_data.trusted_device_keys) {
-    let device_pubkey = match device_cert_chain.insecure_verify_without_root_verification() {
+
+    let device_pubkey_verification =
+        if let Some(trusted_manufacturer_certs) = &user_data.trusted_manufacturer_keys {
+            device_cert_chain.verify_from_x5bag(trusted_manufacturer_certs)
+        } else {
+            device_cert_chain.insecure_verify_without_root_verification()
+        };
+
+    let device_pubkey = match device_pubkey_verification {
         Err(cert_chain_err) => {
             log::debug!("Error verifying device certificate: {:?}", cert_chain_err);
             return Err(Error::new(