diff --git a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
index ddfeac936f00..4d882db88326 100644
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -130,6 +130,7 @@ CertDumpAlgID=Algorithm Identifier
 CertDumpParams=Algorithm Parameters
 CertDumpRSAEncr=PKCS #1 RSA Encryption
 CertDumpRSATemplate=Modulus (%S bits):\n%S\nExponent (%S bits):\n%S
+CertDumpECTemplate=Key size: %S bits\nBase point order length: %S bits\nPublic value:\n%S
 CertDumpIssuerUniqueID=Issuer Unique ID
 CertDumpSubjPubKey=Subject's Public Key
 CertDumpSubjectUniqueID=Subject Unique ID
diff --git a/security/manager/ssl/src/nsNSSCertHelper.cpp b/security/manager/ssl/src/nsNSSCertHelper.cpp
index 8ed893843406..fd7d488ce2ec 100644
--- a/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/src/nsNSSCertHelper.cpp
@@ -47,6 +47,7 @@
 #include "nsNSSCertificate.h"
 #include "cert.h"
 #include "keyhi.h"
+#include "secder.h"
 #include "nsNSSCertValidity.h"
 #include "nsNSSASN1Object.h"
 #include "nsNSSComponent.h"
@@ -612,10 +613,18 @@ ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data,
 {
   // This function is used to display some DER bytes
   // that we have not added support for decoding.
-  // It prints the value of the byte out into a 
-  // string that can later be displayed as a byte
-  // string.  We place a new line after 24 bytes
-  // to break up extermaly long sequence of bytes.
+  // If it's short, let's display as an integer, no size header.
+
+  if (data->len <= 4) {
+    int i_pv = DER_GetInteger(data);
+    nsAutoString value;
+    value.AppendInt(i_pv);
+    text.Append(value);
+    text.Append(NS_LITERAL_STRING(SEPARATOR).get());
+    return NS_OK;
+  }
+
+  // Else produce a hex dump.
 
   if (wantHeader) {
     nsAutoString bytelen, bitlen;
@@ -631,6 +640,11 @@ ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data,
     text.Append(NS_LITERAL_STRING(SEPARATOR).get());
   }
 
+  // This prints the value of the byte out into a 
+  // string that can later be displayed as a byte
+  // string.  We place a new line after 24 bytes
+  // to break up extermaly long sequence of bytes.
+
   PRUint32 i;
   char buffer[5];
   for (i=0; i<data->len; i++) {
@@ -1802,11 +1816,32 @@ ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki,
                                                      params, 4, text);
          break;
       }
+      case ecKey: {
+        displayed = true;
+        SECKEYECPublicKey &ecpk = key->u.ec;
+        int fieldSizeLenAsBits = 
+              SECKEY_ECParamsToKeySize(&ecpk.DEREncodedParams);
+        int basePointOrderLenAsBits = 
+              SECKEY_ECParamsToBasePointOrderLen(&ecpk.DEREncodedParams);
+        nsAutoString s_fsl, s_bpol, s_pv;
+        s_fsl.AppendInt(fieldSizeLenAsBits);
+        s_bpol.AppendInt(basePointOrderLenAsBits);
+
+        if (ecpk.publicValue.len > 4) {
+          ProcessRawBytes(nssComponent, &ecpk.publicValue, s_pv, PR_FALSE);
+        } else {
+          int i_pv = DER_GetInteger(&ecpk.publicValue);
+          s_pv.AppendInt(i_pv);
+        }
+        const PRUnichar *params[] = {s_fsl.get(), s_bpol.get(), s_pv.get()};
+        nssComponent->PIPBundleFormatStringFromName("CertDumpECTemplate",
+                                                    params, 3, text);
+        break;
+      }
       case dhKey:
       case dsaKey:
       case fortezzaKey:
       case keaKey:
-      case ecKey:
          /* Too many parameters, to rarely used to bother displaying it */
          break;
       case nullKey: