diff --git a/security/manager/locales/en-US/chrome/pippki/pippki.properties b/security/manager/locales/en-US/chrome/pippki/pippki.properties
index ee9a81b7a9dd..6006fa5959fe 100644
--- a/security/manager/locales/en-US/chrome/pippki/pippki.properties
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.properties
@@ -70,9 +70,7 @@ deleteEmailCertConfirm=Are you sure you want to delete these people's e-mail cer
 deleteEmailCertImpact=If you delete an e-mail certificate, your will no longer be able to send encrypted e-mail to those people.
 deleteEmailCertTitle=Delete E-Mail Certificates
 
-deleteOrphanCertFlag=deleteOrphanFlag
 deleteOrphanCertConfirm=Are you sure you want to delete these certificates?
-deleteOrphanCertImpact=
 deleteOrphanCertTitle=Delete Certificates
 
 
diff --git a/security/manager/pki/resources/content/deletecert.js b/security/manager/pki/resources/content/deletecert.js
index bb77a17f7a0a..65434d09cd05 100644
--- a/security/manager/pki/resources/content/deletecert.js
+++ b/security/manager/pki/resources/content/deletecert.js
@@ -90,6 +90,12 @@ function setWindowName()
      confirm = bundle.GetStringFromName("deleteEmailCertConfirm");
      impact = bundle.GetStringFromName("deleteEmailCertImpact");
   }
+  else if(typeFlag == "orphan_tab")
+  {
+     title = bundle.GetStringFromName("deleteOrphanCertTitle");
+     confirm = bundle.GetStringFromName("deleteOrphanCertConfirm");
+     impact = "";
+  }
   else
   {
      return;
diff --git a/security/manager/ssl/src/nsNSSCertHelper.cpp b/security/manager/ssl/src/nsNSSCertHelper.cpp
index cb5ce7776c62..fa9a8d3348c3 100644
--- a/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/src/nsNSSCertHelper.cpp
@@ -2142,7 +2142,7 @@ getCertType(CERTCertificate *cert)
     return nsIX509Cert::CA_CERT;
   if (cert->emailAddr)
     return nsIX509Cert::EMAIL_CERT;
-  return nsIX509Cert::SERVER_CERT;
+  return nsIX509Cert::UNKNOWN_CERT;
 }
 
 CERTCertNicknames *
diff --git a/security/manager/ssl/src/nsNSSCertificate.cpp b/security/manager/ssl/src/nsNSSCertificate.cpp
index 7a402b8e5954..93db52376eb0 100644
--- a/security/manager/ssl/src/nsNSSCertificate.cpp
+++ b/security/manager/ssl/src/nsNSSCertificate.cpp
@@ -89,6 +89,11 @@ extern PRLogModuleInfo* gPIPNSSLog;
 
 static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
 
+// This is being stored in an PRUint32 that can otherwise
+// only take values from nsIX509Cert's list of cert types.
+// As nsIX509Cert is frozen, we choose a value not contained
+// in the list to mean not yet initialized.
+#define CERT_TYPE_NOT_YET_INITIALIZED (1 << 30)
 
 /* nsNSSCertificate */
 
@@ -123,7 +128,7 @@ nsNSSCertificate::ConstructFromDER(char *certDER, int derLen)
 nsNSSCertificate::nsNSSCertificate(CERTCertificate *cert) : 
                                            mCert(nsnull),
                                            mPermDelete(PR_FALSE),
-                                           mCertType(nsIX509Cert::UNKNOWN_CERT)
+                                           mCertType(CERT_TYPE_NOT_YET_INITIALIZED)
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown())
@@ -174,7 +179,8 @@ void nsNSSCertificate::destructorSafeDestroyNSSReference()
 nsresult
 nsNSSCertificate::GetCertType(PRUint32 *aCertType)
 {
-  if (mCertType == nsIX509Cert::UNKNOWN_CERT) {
+  if (mCertType == CERT_TYPE_NOT_YET_INITIALIZED) {
+     // only determine cert type once and cache it
      mCertType = getCertType(mCert);
   }
   *aCertType = mCertType;