diff --git a/security/manager/pki/resources/jar.mn b/security/manager/pki/resources/jar.mn
index 2fa50bac41d..7b0426a10af 100644
--- a/security/manager/pki/resources/jar.mn
+++ b/security/manager/pki/resources/jar.mn
@@ -53,6 +53,8 @@ pippki.jar:
     content/pippki/pref-masterpass.xul       (content/pref-masterpass.xul)
     content/pippki/serverCrlExpired.js       (content/serverCrlExpired.js)
     content/pippki/serverCrlExpired.xul      (content/serverCrlExpired.xul)
+    content/pippki/createCertInfo.xul        (content/createCertInfo.xul)
+    content/pippki/createCertInfo.js         (content/createCertInfo.js)
 
 en-US.jar:
     locale/en-US/pippki/contents.rdf         (locale/en-US/contents.rdf)
diff --git a/security/manager/pki/resources/locale/en-US/pippki.dtd b/security/manager/pki/resources/locale/en-US/pippki.dtd
index 687ed7bff98..101bb08f6b8 100644
--- a/security/manager/pki/resources/locale/en-US/pippki.dtd
+++ b/security/manager/pki/resources/locale/en-US/pippki.dtd
@@ -103,3 +103,7 @@
 <!ENTITY serverCrlExpired.continue "Would you like to continue?">
 <!ENTITY serverCrlExpired.manageCrls.label "Manager CRLs...">
 
+<!-- Strings for the CreateCertInfo dialog  -->
+<!ENTITY createCertInfo.title "Generating A Private Key">
+<!ENTITY createCertInfo.msg1 "Key Generation in progress... This may take a few minutes....">
+<!ENTITY createCertInfo.msg2 "Please wait...">
diff --git a/security/manager/pki/src/nsNSSDialogs.cpp b/security/manager/pki/src/nsNSSDialogs.cpp
index c3b9c8699be..87361bc7ac3 100644
--- a/security/manager/pki/src/nsNSSDialogs.cpp
+++ b/security/manager/pki/src/nsNSSDialogs.cpp
@@ -45,6 +45,7 @@
 
 #include "nsNSSDialogs.h"
 #include "nsPKIParamBlock.h"
+#include "nsIKeygenThread.h"
 
 #define PIPSTRING_BUNDLE_URL "chrome://pippki/locale/pippki.properties"
 #define STRING_BUNDLE_URL    "chrome://communicator/locale/security.properties"
@@ -124,14 +125,15 @@ nsNSSDialogs::~nsNSSDialogs()
 {
 }
 
-NS_IMPL_THREADSAFE_ISUPPORTS8(nsNSSDialogs, nsINSSDialogs, 
+NS_IMPL_THREADSAFE_ISUPPORTS9(nsNSSDialogs, nsINSSDialogs, 
                                             nsITokenPasswordDialogs,
                                             nsISecurityWarningDialogs,
                                             nsIBadCertListener,
                                             nsICertificateDialogs,
                                             nsIClientAuthDialogs,
                                             nsITokenDialogs,
-                                            nsIDOMCryptoDialogs);
+                                            nsIDOMCryptoDialogs,
+                                            nsIGeneratingKeypairInfoDialogs);
 
 nsresult
 nsNSSDialogs::Init()
@@ -824,6 +826,20 @@ nsNSSDialogs::ViewCert(nsIX509Cert *cert)
   return rv;
 }
 
+NS_IMETHODIMP
+nsNSSDialogs::DisplayGeneratingKeypairInfo(nsIInterfaceRequestor *aCtx, nsIKeygenThread *runnable) 
+{
+  nsresult rv;
+
+  // Get the parent window for the dialog
+  nsCOMPtr<nsIDOMWindowInternal> parent = do_GetInterface(aCtx);
+
+  rv = nsNSSDialogHelper::openDialog(parent,
+                                     "chrome://pippki/content/createCertInfo.xul",
+                                     runnable);
+  return rv;
+}
+
 NS_IMETHODIMP
 nsNSSDialogs::ChooseToken(nsIInterfaceRequestor *aCtx, const PRUnichar **aTokenList, PRUint32 aCount, PRUnichar **aTokenChosen, PRBool *aCanceled) {
   nsresult rv;
diff --git a/security/manager/pki/src/nsNSSDialogs.h b/security/manager/pki/src/nsNSSDialogs.h
index 0ed78e7e09d..d672cf68932 100644
--- a/security/manager/pki/src/nsNSSDialogs.h
+++ b/security/manager/pki/src/nsNSSDialogs.h
@@ -43,7 +43,8 @@ class nsNSSDialogs
   public nsICertificateDialogs,
   public nsIClientAuthDialogs,
   public nsITokenDialogs,
-  public nsIDOMCryptoDialogs
+  public nsIDOMCryptoDialogs,
+  public nsIGeneratingKeypairInfoDialogs
 {
 public:
   NS_DECL_ISUPPORTS
@@ -55,6 +56,7 @@ public:
   NS_DECL_NSICLIENTAUTHDIALOGS
   NS_DECL_NSITOKENDIALOGS
   NS_DECL_NSIDOMCRYPTODIALOGS
+  NS_DECL_NSIGENERATINGKEYPAIRINFODIALOGS
   nsNSSDialogs();
   virtual ~nsNSSDialogs();
 
diff --git a/security/manager/ssl/public/Makefile.in b/security/manager/ssl/public/Makefile.in
index ba4a57c7357..5d77b5951c4 100644
--- a/security/manager/ssl/public/Makefile.in
+++ b/security/manager/ssl/public/Makefile.in
@@ -53,6 +53,7 @@ XPIDLSRCS = \
     nsINSSDialogs.idl \
     nsISSLStatus.idl \
     nsICertOutliner.idl \
+    nsIKeygenThread.idl \
     $(NULL)
 
 include $(topsrcdir)/config/rules.mk
diff --git a/security/manager/ssl/public/makefile.win b/security/manager/ssl/public/makefile.win
index 4a98d3a4a23..2f3498e136a 100644
--- a/security/manager/ssl/public/makefile.win
+++ b/security/manager/ssl/public/makefile.win
@@ -59,6 +59,7 @@ XPIDLSRCS= \
     .\nsINSSDialogs.idl \
     .\nsISSLStatus.idl \
     .\nsICertOutliner.idl \
+    .\nsIKeygenThread.idl \
     $(NULL)
 
 
diff --git a/security/manager/ssl/public/nsINSSDialogs.idl b/security/manager/ssl/public/nsINSSDialogs.idl
index 12d8282301e..3201934b757 100644
--- a/security/manager/ssl/public/nsINSSDialogs.idl
+++ b/security/manager/ssl/public/nsINSSDialogs.idl
@@ -24,6 +24,7 @@
 #include "nsIX509Cert.idl"
 
 interface nsIInterfaceRequestor;
+interface nsIKeygenThread;
 
 /**
  * nsITokenPasswordDialogs
@@ -48,6 +49,19 @@ interface nsITokenPasswordDialogs : nsISupports
 };
 
 
+/**
+ * nsIGeneratingKeypairInfoDialogs
+ *  This is the interface for giving feedback to the user
+ *  while generating a key pair.
+ */
+[scriptable, uuid(11bf5cdc-1dd2-11b2-ba6a-c76afb326fa1)]
+interface nsIGeneratingKeypairInfoDialogs : nsISupports
+{
+  void displayGeneratingKeypairInfo(in nsIInterfaceRequestor ctx,
+                                    in nsIKeygenThread runnable);
+};
+
+
 /**
  * nsINSSDialogs - a collection of functions that
  *   implement activities that may require interaction
diff --git a/security/manager/ssl/src/Makefile.in b/security/manager/ssl/src/Makefile.in
index 5983ee258c5..d523399aeef 100644
--- a/security/manager/ssl/src/Makefile.in
+++ b/security/manager/ssl/src/Makefile.in
@@ -68,6 +68,7 @@ CPPSRCS = 				\
 	nsKeygenHandler.cpp		\
 	nsCrypto.cpp			\
         nsPKCS11Slot.cpp                \
+        nsKeygenThread.cpp              \
 	$(NULL)
 
 REQUIRES = nspr security xpcom string necko uriloader pref caps dom intl locale profile windowwatcher js docshell widget layout gfx2 pippki xpconnect jar
diff --git a/security/manager/ssl/src/makefile.win b/security/manager/ssl/src/makefile.win
index 758a86527ca..840ab388cf3 100644
--- a/security/manager/ssl/src/makefile.win
+++ b/security/manager/ssl/src/makefile.win
@@ -98,6 +98,7 @@ OBJS = \
     .\$(OBJDIR)\nsNSSASN1Object.obj \
     .\$(OBJDIR)\nsCrypto.obj \
     .\$(OBJDIR)\nsPKCS11Slot.obj \
+    .\$(OBJDIR)\nsKeygenThread.obj \
     $(NULL)
 
 include <$(DEPTH)\config\rules.mak>
diff --git a/security/manager/ssl/src/nsKeygenHandler.cpp b/security/manager/ssl/src/nsKeygenHandler.cpp
index c9cf8777668..f638414dee7 100644
--- a/security/manager/ssl/src/nsKeygenHandler.cpp
+++ b/security/manager/ssl/src/nsKeygenHandler.cpp
@@ -39,6 +39,7 @@ extern "C" {
 #include "nsIDOMHTMLSelectElement.h"
 #include "nsIContent.h"
 #include "nsINSSDialogs.h"
+#include "nsKeygenThread.h"
 
 //These defines are taken from the PKCS#11 spec
 #define CKM_RSA_PKCS_KEY_PAIR_GEN     0x00000000
@@ -297,7 +298,6 @@ nsKeygenFormProcessor::GetPublicKey(nsString& aValue, nsString& aChallenge,
 				    nsString& aOutPublicKey, nsString& aPqg)
 {
     nsresult rv = NS_ERROR_FAILURE;
-    char *emptyCString = "null";
     char *keystring = nsnull;
     char *pqgString = nsnull, *str = nsnull;
     nsAutoString rsaStr;
@@ -321,6 +321,9 @@ nsKeygenFormProcessor::GetPublicKey(nsString& aValue, nsString& aChallenge,
     SECItem signedItem;
     CERTPublicKeyAndChallenge pkac;
     SECKeySizeChoiceInfo *choice = SECKeySizeChoiceList;
+    nsIGeneratingKeypairInfoDialogs * dialogs;
+    nsKeygenThread KeygenRunnable;
+    nsCOMPtr<nsIKeygenThread> runnable;
 
     // Get the key size //
     while (choice) {
@@ -398,8 +401,42 @@ found_match:
         goto loser;
     }
 
-    privateKey = PK11_GenerateKeyPair(slot, keyGenMechanism, params,
-				     &publicKey, PR_TRUE, PR_TRUE, nsnull);
+    rv = getNSSDialogs((void**)&dialogs,
+                       NS_GET_IID(nsIGeneratingKeypairInfoDialogs));
+
+    if (NS_FAILED(rv)) {
+        privateKey = PK11_GenerateKeyPair(slot, keyGenMechanism, params,
+                                          &publicKey, PR_TRUE, PR_TRUE, nsnull);
+    } else {
+        GenerateKeypairParameters gkp;
+        gkp.privateKey = nsnull;
+        gkp.publicKey = nsnull;
+        gkp.slot = slot;
+        gkp.keyGenMechanism = keyGenMechanism;
+        gkp.params = params;
+        KeygenRunnable.SetParams(&gkp);
+        // Our parameters instance will be modified by the thread.
+
+        runnable = do_QueryInterface(&KeygenRunnable);
+        
+        if (runnable) {
+            rv = dialogs->DisplayGeneratingKeypairInfo(m_ctx, runnable);
+
+            // We call join on the thread,
+            // so we can be sure that no simultaneous access will happen.
+            KeygenRunnable.Join();
+
+            NS_RELEASE(dialogs);
+            if (!NS_FAILED(rv)) {
+                privateKey = gkp.privateKey;
+                publicKey = gkp.publicKey;
+                slot = gkp.slot;
+                keyGenMechanism = gkp.keyGenMechanism;
+                params = gkp.params;
+            }
+        }
+    }
+    
     if (!privateKey) {
         goto loser;
     }