7b08d5
--- a/toolkit/modules/CertUtils.jsm
7b08d5
+++ b/toolkit/modules/CertUtils.jsm
7b08d5
@@ -170,17 +170,19 @@ this.checkCert =
7b08d5
   issuerCert = issuerCert.QueryInterface(Ci.nsIX509Cert3);
7b08d5
   var tokenNames = issuerCert.getAllTokenNames({});
7b08d5
 
7b08d5
   if (!tokenNames || !tokenNames.some(isBuiltinToken))
7b08d5
     throw new Ce(certNotBuiltInErr, Cr.NS_ERROR_ABORT);
7b08d5
 }
7b08d5
 
7b08d5
 function isBuiltinToken(tokenName) {
7b08d5
-  return tokenName == "Builtin Object Token";
7b08d5
+  return tokenName == "Builtin Object Token" ||
7b08d5
+         tokenName == "Default Trust" ||
7b08d5
+         tokenName == "System Trust";
7b08d5
 }
7b08d5
 
7b08d5
 /**
7b08d5
  * This class implements nsIBadCertListener.  Its job is to prevent "bad cert"
7b08d5
  * security dialogs from being shown to the user.  It is better to simply fail
7b08d5
  * if the certificate is bad. See bug 304286.
7b08d5
  *
7b08d5
  * @param  aAllowNonBuiltInCerts (optional)