diff --git a/includes/account.php b/includes/account.php
index cc2c581..af41cbe 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -17,7 +17,7 @@
 */
 	require_once("../includes/loggedin.php");
 	require_once("../includes/lib/l10n.php");
-	require_once('lib/check_weak_key.php');
+	require_once("../includes/lib/check_weak_key.php");
 
 	loadem("account");
 
@@ -240,6 +240,11 @@
 			$_REQUEST['keytype'] = "MS";
 			$csr = clean_csr($_REQUEST['optionalCSR']);
 		}
+		if(trim($_REQUEST['description']) != ""){
+			$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+		}else{
+			$_SESSION['_config']['description']= "";
+		}
 	}
 
 	if($oldid == 4)
@@ -323,7 +328,8 @@
 						`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
 						`codesign`='".intval($_SESSION['_config']['codesign'])."',
 						`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
-						`rootcert`='".intval($_SESSION['_config']['rootcert'])."'";
+						`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+						`description`='".$_SESSION['_config']['description']."'";
 			mysql_query($query);
 			$emailid = mysql_insert_id();
 			if(is_array($addys))
@@ -334,15 +340,15 @@
 			fputs($fp, $emails);
 			fclose($fp);
 			$challenge=$_SESSION['spkac_hash'];
-                        $res=`openssl spkac -verify -in $CSRname`;
-                        if(!strstr($res,"Challenge String: ".$challenge))
-                        {
-                                $id = $oldid;
-                                showheader(_("My CAcert.org Account!"));
-                                echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
-                                showfooter();
-                                exit;
-                        }
+			$res=`openssl spkac -verify -in $CSRname`;
+			if(!strstr($res,"Challenge String: ".$challenge))
+			{
+				$id = $oldid;
+				showheader(_("My CAcert.org Account!"));
+				echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+				showfooter();
+				exit;
+			}
 			mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='".intval($emailid)."'");
 		} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") {
 			if($csr == "")
@@ -367,8 +373,8 @@
 			$csrsubject="";
 
 			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
-                        if(strlen($user['mname']) == 1)
-                                $user['mname'] .= '.';
+			if(strlen($user['mname']) == 1)
+				$user['mname'] .= '.';
 			if($_SESSION['_config']['incname'] <= 0 || $_SESSION['_config']['incname'] > 4)
 				$csrsubject = "/CN=CAcert WoT User";
 			if($_SESSION['_config']['incname'] == 1)
@@ -423,7 +429,8 @@
 						`subject`='".mysql_real_escape_string($csrsubject)."',
 						`codesign`='".$_SESSION['_config']['codesign']."',
 						`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
-						`rootcert`='".$_SESSION['_config']['rootcert']."'";
+						`rootcert`='".$_SESSION['_config']['rootcert']."',
+						`description`='".$_SESSION['_config']['description']."'";
 			mysql_query($query);
 			$emailid = mysql_insert_id();
 			if(is_array($addys))
@@ -457,10 +464,10 @@
 		csrf_check("adddomain");
 		if(strstr($_REQUEST['newdomain'],"\x00"))
 		{
-                        showheader(_("My CAcert.org Account!"));
-                        echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
-                        showfooter();
-                        exit;
+			showheader(_("My CAcert.org Account!"));
+			echo _("Due to the possibility for nullbyte domain exploits we currently do not allow any domain names with nullbytes.");
+			showfooter();
+			exit;
 		}
 
 		list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
@@ -664,8 +671,8 @@
 		$CSR = clean_csr($_REQUEST['CSR']);
 		if(strpos($CSR,"---BEGIN")===FALSE)
 		{
-		  // In case the CSR is missing the ---BEGIN lines, add them automatically:
-		  $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
+			// In case the CSR is missing the ---BEGIN lines, add them automatically:
+			$CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n";
 		}
 		
 		if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
@@ -676,6 +683,12 @@
 			exit;
 		}
 		
+		if(trim($_REQUEST['description']) != ""){
+			$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+		}else{
+			$_SESSION['_config']['description']= "";
+		}
+
 		$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR");
 		$fp = fopen($_SESSION['_config']['tmpfname'], "w");
 		fputs($fp, $CSR);
@@ -742,7 +755,7 @@
 		$subject = "";
 		$count = 0;
 		$supressSAN=0;
-                if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+		if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
 
 		if(is_array($_SESSION['_config']['rows']))
 			foreach($_SESSION['_config']['rows'] as $row)
@@ -777,13 +790,15 @@
 						`CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."',
 						`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
 						`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-						`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+						`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+						`description`='".$_SESSION['_config']['description']."'";
 		} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
 			$query = "insert into `domaincerts` set 
 						`CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."',
 						`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
 						`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
-						`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'";
+						`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+						`description`='".$_SESSION['_config']['description']."'";
 		} else {
 			showheader(_("My CAcert.org Account!"));
 			echo _("Domain not verified.");
@@ -865,7 +880,8 @@
 						`modified`=NOW(), 
 						`rootcert`='".$row['rootcert']."',
 						`type`='".$row['type']."',
-						`pkhash`='".$row['pkhash']."'";
+						`pkhash`='".$row['pkhash']."',
+						`description`='".$row['description']."'";
 				mysql_query($query);
 				$newid = mysql_insert_id();
 				$newfile=generatecertpath("csr","server",$newid);
@@ -1003,6 +1019,24 @@
 		exit;
 	}
 
+	if($oldid == 12 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+	{
+		showheader(_("My CAcert.org Account!"));
+		foreach($_REQUEST as $id => $val)
+		{
+			if(substr($id,0,14)=="check_comment_")
+			{
+				$cid = intval(substr($id,14));
+				$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+				mysql_query("update `domaincerts` set `description`='$comment' where `id`='$cid'");
+			}
+		}
+		echo(_("Certificate settings have been changed.")."<br/>\n");
+		showfooter();
+		exit;
+	}
+
+
 	if($oldid == 5 && array_key_exists('renew',$_REQUEST) && $_REQUEST['renew'] != "")
 	{
 		showheader(_("My CAcert.org Account!"));
@@ -1041,7 +1075,8 @@
 						`modified`=NOW(),
 						`disablelogin`='".$row['disablelogin']."',
 						`codesign`='".$row['codesign']."',
-						`rootcert`='".$row['rootcert']."'";
+						`rootcert`='".$row['rootcert']."',
+						`description`='".$row['description']."'";
 				mysql_query($query);
 				$newid = mysql_insert_id();
 				$newfile=generatecertpath("csr","client",$newid);
@@ -1140,26 +1175,47 @@
 
 	if($oldid == 5 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
 	{
-	  showheader(_("My CAcert.org Account!"));
-	  //echo _("Now changing the settings for the following certificates:")."<br>\n";
-	  foreach($_REQUEST as $id => $val)
-	  {
-	    //echo $id."<br/>";
-	    if(substr($id,0,5)=="cert_")
-	    {
-	      $id = intval(substr($id,5));
-	      $dis=(array_key_exists('disablelogin_'.$id,$_REQUEST) && $_REQUEST['disablelogin_'.$id]=="1")?"0":"1";
-	      //echo "$id -> ".$_REQUEST['disablelogin_'.$id]."<br/>\n";
-	      mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'");
-	      //$row = mysql_fetch_assoc($res);
-	    }
-	  }
-	  echo(_("Certificate settings have been changed.")."<br/>\n");
-	  showfooter();
-	  exit;
+		showheader(_("My CAcert.org Account!"));
+		foreach($_REQUEST as $id => $val)
+		{
+			if(substr($id,0,5)=="cert_")
+			{
+				$cid = intval(substr($id,5));
+				$dis=(array_key_exists('disablelogin_'.$cid,$_REQUEST) && $_REQUEST['disablelogin_'.$cid]=="1")?"0":"1";
+				mysql_query("update `emailcerts` set `disablelogin`='$dis' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+			}
+			if(substr($id,0,14)=="check_comment_")
+			{
+				$cid = intval(substr($id,14));
+				if(!empty($_REQUEST['check_comment_'.$cid])) {
+					$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+					mysql_query("update `emailcerts` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+				}
+			}
+		}
+		echo(_("Certificate settings have been changed.")."<br/>\n");
+		showfooter();
+		exit;
 	}
 
 
+	if($oldid == 6 && $_REQUEST['certid'] != "")
+	{
+		if(trim($_REQUEST['description']) != ""){
+			$description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+		}else{
+			$description= "";
+	}
+
+	if(trim($_REQUEST['disablelogin']) == "1"){
+		$disablelogin = 1;
+	}else{
+		$disablelogin = 0;
+	}
+
+	mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
+
+ }
 	if($oldid == 13 && $process != "")
 	{
 		csrf_check("perschange");
@@ -1176,42 +1232,42 @@
 		$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4']))));
 		$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5']))));
 
-                if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
-                        $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
-                        $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
-                        $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
-                        $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
-                        $_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
-                        $_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
-                        $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
-                        $_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
-                        $_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
-                {
-                        $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
-                        $id = $oldid;
+		if($_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q2'] ||
+				$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q3'] ||
+				$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q4'] ||
+				$_SESSION['_config']['user']['Q1'] == $_SESSION['_config']['user']['Q5'] ||
+				$_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q3'] ||
+				$_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q4'] ||
+				$_SESSION['_config']['user']['Q2'] == $_SESSION['_config']['user']['Q5'] ||
+				$_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q4'] ||
+				$_SESSION['_config']['user']['Q3'] == $_SESSION['_config']['user']['Q5'] ||
+				$_SESSION['_config']['user']['Q4'] == $_SESSION['_config']['user']['Q5'] ||
+				$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q1'] ||
+				$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q2'] ||
+				$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q3'] ||
+				$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q4'] ||
+				$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['Q5'] ||
+				$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q3'] ||
+				$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q4'] ||
+				$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['Q5'] ||
+				$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q4'] ||
+				$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['Q5'] ||
+				$_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['Q5'] ||
+				$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A2'] ||
+				$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A3'] ||
+				$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A4'] ||
+				$_SESSION['_config']['user']['A1'] == $_SESSION['_config']['user']['A5'] ||
+				$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A3'] ||
+				$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A4'] ||
+				$_SESSION['_config']['user']['A2'] == $_SESSION['_config']['user']['A5'] ||
+				$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A4'] ||
+				$_SESSION['_config']['user']['A3'] == $_SESSION['_config']['user']['A5'] ||
+				$_SESSION['_config']['user']['A4'] == $_SESSION['_config']['user']['A5'])
+		{
+			$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 different password questions and answers. You aren't allowed to duplicate questions, set questions as answers or use the question as the answer.")."<br>\n";
+			$id = $oldid;
 			$oldid=0;
-                }
+		}
 
 		if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
 			$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
@@ -1394,6 +1450,13 @@
 		}
 		$_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
 		$_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+
+
+		if(trim($_REQUEST['description']) != ""){
+			$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+		}else{
+			$_SESSION['_config']['description']= "";
+		}
 	}
 
 	if($oldid == 16 && (intval(count($_SESSION['_config']['emails'])) + 0) <= 0)
@@ -1423,6 +1486,12 @@
 		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
 			$_SESSION['_config']['rootcert'] = 1;
 
+		if(trim($_REQUEST['description']) != ""){
+			$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+		}else{
+			$_SESSION['_config']['description']= "";
+		}
+
 		if(@count($_SESSION['_config']['emails']) > 0)
 			$id = 17;
 	}
@@ -1469,6 +1538,7 @@
 			if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
 				$_SESSION['_config']['rootcert'] = 1;
 
+
 			$emails .= "SPKAC = $spkac";
 			if (($weakKey = checkWeakKeySPKAC($emails)) !== "")
 			{
@@ -1485,7 +1555,8 @@
 						`orgid`='".$org['orgid']."',
 						`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
 						`codesign`='".$_SESSION['_config']['codesign']."',
-						`rootcert`='".$_SESSION['_config']['rootcert']."'";
+						`rootcert`='".$_SESSION['_config']['rootcert']."',
+						`description`='".$_SESSION['_config']['description']."'";
 			mysql_query($query);
 			$emailid = mysql_insert_id();
 
@@ -1497,15 +1568,15 @@
 			fputs($fp, $emails);
 			fclose($fp);
 			$challenge=$_SESSION['spkac_hash'];
-                        $res=`openssl spkac -verify -in $CSRname`;
-                        if(!strstr($res,"Challenge String: ".$challenge))
-                        {
-                                $id = $oldid;
-                                showheader(_("My CAcert.org Account!"));
-                                echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
-                                showfooter();
-                                exit;
-                        }
+			$res=`openssl spkac -verify -in $CSRname`;
+			if(!strstr($res,"Challenge String: ".$challenge))
+			{
+				$id = $oldid;
+				showheader(_("My CAcert.org Account!"));
+				echo _("The challenge-response code of your certificate request did not match. Can't continue with certificaterequest.");
+				showfooter();
+				exit;
+			}
 			mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
 		} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
 			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
@@ -1575,7 +1646,8 @@
 						`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
 						`subject`='$csrsubject',
 						`codesign`='".$_SESSION['_config']['codesign']."',
-						`rootcert`='".$_SESSION['_config']['rootcert']."'";
+						`rootcert`='".$_SESSION['_config']['rootcert']."',
+						`description`='".$_SESSION['_config']['description']."'";
 			mysql_query($query);
 			$emailid = mysql_insert_id();
 
@@ -1650,7 +1722,8 @@
 						`created`='".$row['created']."', 
 						`modified`=NOW(),
 						`codesign`='".$row['codesign']."',
-						`rootcert`='".$row['rootcert']."'";
+						`rootcert`='".$row['rootcert']."',
+						`description`='".$row['description']."'";
 				mysql_query($query);
 				$newid = mysql_insert_id();
 				$newfile=generatecertpath("csr","orgclient",$newid);
@@ -1742,6 +1815,24 @@
 		exit;
 	}
 
+	if($oldid == 18 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+	{
+		showheader(_("My CAcert.org Account!"));
+		foreach($_REQUEST as $id => $val)
+		{
+			if(substr($id,0,14)=="check_comment_")
+			{
+				$cid = intval(substr($id,14));
+				$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+				mysql_query("update `orgemailcerts` set `description`='$comment' where `id`='$cid'");
+			}
+		}
+		echo(_("Certificate settings have been changed.")."<br/>\n");
+		showfooter();
+		exit;
+	}
+
+
 	if($process != "" && $oldid == 20)
 	{
 		$CSR = clean_csr($_REQUEST['CSR']);
@@ -1755,6 +1846,12 @@
 			exit;
 		}
 		
+		if(trim($_REQUEST['description']) != ""){
+			$_SESSION['_config']['description']= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+		}else{
+			$_SESSION['_config']['description']= "";
+		}
+
 		$_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR");
 		$fp = fopen($_SESSION['_config']['tmpfname'], "w");
 		fputs($fp, $CSR);
@@ -1830,8 +1927,8 @@
 			exit;
 		}
 
-                if($_SESSION['_config']['rowid']['0'] > 0)
-                {
+		if($_SESSION['_config']['rowid']['0'] > 0)
+		{
 			$query = "select * from `org`,`orginfo` where
 					`orginfo`.`id`='".$_SESSION['_config']['rowid']['0']."' and
 					`orginfo`.`id`=`org`.`orgid` and
@@ -1878,25 +1975,27 @@
 		if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
 			$_SESSION['_config']['rootcert'] = 1;
 
-                if($_SESSION['_config']['rowid']['0'] > 0)
-                {
-                        $query = "insert into `orgdomaincerts` set 
-						`CN`='".$_SESSION['_config']['rows']['0']."',
-						`orgid`='".$org['id']."',
-                                                `created`=NOW(),
-						`subject`='$csrsubject',
-						`rootcert`='".$_SESSION['_config']['rootcert']."',
-						`type`='$type'";
-                } else {
-                        $query = "insert into `orgdomaincerts` set 
-						`CN`='".$_SESSION['_config']['altrows']['0']."',
-						`orgid`='".$org['id']."',
-                                                `created`=NOW(),
-						`subject`='$csrsubject',
-						`rootcert`='".$_SESSION['_config']['rootcert']."',
-						`type`='$type'";
-                }
-                mysql_query($query);
+		if($_SESSION['_config']['rowid']['0'] > 0)
+		{
+			$query = "insert into `orgdomaincerts` set
+					`CN`='".$_SESSION['_config']['rows']['0']."',
+					`orgid`='".$org['id']."',
+					`created`=NOW(),
+					`subject`='$csrsubject',
+					`rootcert`='".$_SESSION['_config']['rootcert']."',
+					`type`='$type',
+					`description`='".$_SESSION['_config']['description']."'";
+		} else {
+			$query = "insert into `orgdomaincerts` set
+					`CN`='".$_SESSION['_config']['altrows']['0']."',
+					`orgid`='".$org['id']."',
+					`created`=NOW(),
+					`subject`='$csrsubject',
+					`rootcert`='".$_SESSION['_config']['rootcert']."',
+					`type`='$type',
+					`description`='".$_SESSION['_config']['description']."'";
+		}
+		mysql_query($query);
 		$CSRid = mysql_insert_id();
 
 		$CSRname=generatecertpath("csr","orgserver",$CSRid);
@@ -1970,7 +2069,8 @@
 						`modified`=NOW(), 
 						`subject`='".$row['subject']."', 
 						`type`='".$row['type']."',
-						`rootcert`='".$row['rootcert']."'";
+						`rootcert`='".$row['rootcert']."',
+						`description`='".$row['description']."'";
 				mysql_query($query);
 				$newid = mysql_insert_id();
 				//echo "NewID: $newid<br/>\n";
@@ -2071,6 +2171,24 @@
 		exit;
 	}
 
+	if($oldid == 22 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+	{
+		showheader(_("My CAcert.org Account!"));
+		foreach($_REQUEST as $id => $val)
+		{
+			if(substr($id,0,14)=="check_comment_")
+			{
+				$cid = intval(substr($id,14));
+				$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+				mysql_query("update `orgdomaincerts` set `description`='$comment' where `id`='$cid'");
+			}
+		}
+		echo(_("Certificate settings have been changed.")."<br/>\n");
+		showfooter();
+		exit;
+	}
+
+
 	if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 ||
 		$id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 ||
 		$id == 30 || $oldid == 30 || $id == 31 || $oldid == 31) &&
@@ -2462,7 +2580,7 @@
 	}
 
 	if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || 
-	             ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
+			($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" &&
 			$_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add"))
 	{
 		$id = 53;
@@ -2472,7 +2590,7 @@
 		$locid = intval(array_key_exists('locid',$_REQUEST)?$_REQUEST['locid']:0);
 		$name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string(strip_tags($_REQUEST['name'])):"";
 		$long = array_key_exists('longitude',$_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['longitude']):"";
-		$lat =  array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
+		$lat = array_key_exists('latitude', $_REQUEST)?ereg_replace("[^-0-9\.]","",$_REQUEST['latitude']):"";
 		$action = array_key_exists('action',$_REQUEST)?$_REQUEST['action']:"";
 
 		if($locid > 0 && $action == "edit")
@@ -2730,24 +2848,24 @@
 		mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
 	}
 
-  if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
-  {
-    csrf_check('admsetassuret');
-    $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
-    $query = "select * from `users` where `id`='$memid'";
-    $row = mysql_fetch_assoc(mysql_query($query));
-    $ver = !$row['assurer'];
-    mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
-  }
+	if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
+	{
+		csrf_check('admsetassuret');
+		$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+		$query = "select * from `users` where `id`='$memid'";
+		$row = mysql_fetch_assoc(mysql_query($query));
+		$ver = !$row['assurer'];
+		mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+	}
 
-  if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
-  {
-    $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
-    $query = "select * from `users` where `id`='$memid'";
-    $row = mysql_fetch_assoc(mysql_query($query));
-    $ver = !$row['assurer_blocked'];
-    mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
-  }
+	if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
+	{
+		$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+		$query = "select * from `users` where `id`='$memid'";
+		$row = mysql_fetch_assoc(mysql_query($query));
+		$ver = !$row['assurer_blocked'];
+		mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+	}
 
 	if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
 	{
diff --git a/pages/account/10.php b/pages/account/10.php
index a394695..f83e0d8 100644
--- a/pages/account/10.php
+++ b/pages/account/10.php
@@ -31,12 +31,14 @@
 
 <form method="post" action="account.php">
 <? if($_SESSION['profile']['points'] >= 50) { ?>
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br />
+<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br />
 <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
 <? } ?>
+<p><?=_("Optional comment, only used in the certifictate overview")?><br>
+       <input type="text" name="description" maxlength="80" size=80/></p>
 <p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p>
 <textarea name="CSR" cols="80" rows="15"></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="submit" name="process" value="<?=_("Submit")?>"/>
+<input type="hidden" name="oldid" value="<?=$id?>"/>
 </form>
diff --git a/pages/account/12.php b/pages/account/12.php
index fa8b41a..6d85cdc 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -19,22 +19,24 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+    <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
     <td class="DataTD"><?=_("Status")?></td>
     <td class="DataTD"><?=_("CommonName")?></td>
-	<td class="DataTD"><?=_("SerialNumber")?></td>
+    <td class="DataTD"><?=_("SerialNumber")?></td>
     <td class="DataTD"><?=_("Revoked")?></td>
     <td class="DataTD"><?=_("Expires")?></td>
+    <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
   </tr>
 <?
 	$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
 			UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
 			UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
 			`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
-			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`
+			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
+			`domaincerts`.`description`
 			from `domaincerts`,`domains`
 			where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` ";
 	if($viewall != 1)
@@ -49,7 +51,7 @@
 	{
 ?>
   <tr>
-    <td colspan="6" class="DataTD"><?=_("No certificates are currently listed.")?></td>
+    <td colspan="8" class="DataTD"><?=_("No certificates are currently listed.")?></td>
   </tr>
 <? } else {
 	while($row = mysql_fetch_assoc($res))
@@ -62,33 +64,41 @@
 			$verified = _("Pending");
 		if($row['revoked'] > 0)
 			$verified = _("Revoked");
-                if($row['revoked'] == 0)
-                        $row['revoke'] = _("Not Revoked");
+		if($row['revoked'] == 0)
+			$row['revoke'] = _("Not Revoked");
 ?>
   <tr>
 <? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
-    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+    <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
 <? } else if($verified != _("Revoked")) { ?>
-    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
 <? } else { ?>
     <td class="DataTD">&nbsp;</td>
 <? } ?>
     <td class="DataTD"><?=$verified?></td>
     <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
-	<td class="DataTD"><?=$row['serial']?></td>
+    <td class="DataTD"><?=$row['serial']?></td>
     <td class="DataTD"><?=$row['revoke']?></td>
     <td class="DataTD"><?=$row['expires']?></td>
+    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+    <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
   </tr>
 <? } ?>
   <tr>
-    <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
+    <td class="DataTD" colspan="8">
+      <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+    </td>
+  </tr>
+  <tr>
+    <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>"/>&#160;&#160;&#160;&#160;
 	    <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+	<td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"/> </td>
   </tr>
 <? } ?>
   <tr>
-    <td class="DataTD" colspan="6"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
+    <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
   </tr>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>">
-<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
+<input type="hidden" name="oldid" value="<?=$id?>"/>
+<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
 </form>
diff --git a/pages/account/16.php b/pages/account/16.php
index 514ecfd..6f055d7 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -29,25 +29,25 @@
 	foreach($_SESSION['_config']['emails'] as $val) { ?>
   <tr>
     <td class="DataTD"><?=_("Email")?>:</td>
-    <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"></td>
+    <td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td>
   </tr>
 <? } ?>
   <tr>
     <td class="DataTD"><?=_("Email")?>:</td>
-    <td class="DataTD"><input type="text" name="emails[]"></td>
+    <td class="DataTD"><input type="text" name="emails[]"/></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Name")?>:</td>
-    <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"></td>
+    <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Department")?>:</td>
-    <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"></td>
+    <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td>
   </tr>
   <tr>
     <td class="DataTD" colspan="2" align="left">
-        <input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
-        <input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
+        <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
+        <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
         <?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?>
     </td>
   </tr>
@@ -56,9 +56,15 @@
     <td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td>
   </tr>
 <? } ?>
+   <tr>
+   <td class="DataTD" colspan="2" align="left">
+      <?=_("Optional comment, only used in the certifictate overview")?><br />
+       <input type="text" name="description" maxlength="80" size=80 />
+   </td>
+  </tr>
   <tr>
     <td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>">
-			<input type="submit" name="process" value="<?=_("Next")?>"></td>
+			<input type="submit" name="process" value="<?=_("Next")?>" /></td>
   </tr>
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
diff --git a/pages/account/18.php b/pages/account/18.php
index 13dcc30..2fbb8b4 100644
--- a/pages/account/18.php
+++ b/pages/account/18.php
@@ -19,13 +19,14 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+    <td colspan="8" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
     <td class="DataTD"><?=_("Status")?></td>
     <td class="DataTD"><?=_("CommonName")?></td>
-	<td class="DataTD"><?=_("SerialNumber")?></td>
+	  <td class="DataTD"><?=_("SerialNumber")?></td>
+		<td class="DataTD"><?=_("Comment")?></td>
     <td class="DataTD"><?=_("Revoked")?></td>
     <td class="DataTD"><?=_("Expires")?></td>
 
@@ -35,7 +36,8 @@
 			UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
 			`oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
 			UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
-			`oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`
+			`oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`,
+			`oemail`.`description`
 			from `orgemailcerts` as `oemail`, `org`
 			where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and
 				`org`.`orgid`=`oemail`.`orgid` ";
@@ -50,7 +52,7 @@
 	{
 ?>
   <tr>
-    <td colspan="6" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+    <td colspan="8" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
   </tr>
 <? } else {
 	while($row = mysql_fetch_assoc($res))
@@ -80,14 +82,22 @@
     <td class="DataTD"><?=$verified?></td>
     <td class="DataTD"><a href="account.php?id=19&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
 <? } ?>
-	<td class="DataTD"><?=$row['serial']?></td>
+	  <td class="DataTD"><?=$row['serial']?></td>
     <td class="DataTD"><?=$row['revoke']?></td>
     <td class="DataTD"><?=$row['expires']?></td>
+    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+    <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
   </tr>
 <? } ?>
+  <tr>
+    <td class="DataTD" colspan="8">
+      <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+    </td>
+  </tr>
   <tr>
     <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
     			<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+    <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
   </tr>
 <? } ?>
 </table>
diff --git a/pages/account/20.php b/pages/account/20.php
index 510b708..0187013 100644
--- a/pages/account/20.php
+++ b/pages/account/20.php
@@ -27,11 +27,13 @@
 <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
 
 <form method="post" action="account.php">
-<input type="radio" name="rootcert" value="1"> <?=_("Sign by class 1 root certificate")?><br>
-<input type="radio" name="rootcert" value="2" checked> <?=_("Sign by class 3 root certificate")?><br>
+<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br />
+<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br />
+<p> <?=_("Optional comment, only used in the certifictate overview")?><br />
+       <input type="text" name="description" maxlength="80" size=80 /></p>
 <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
 <p><?=_("Paste your CSR below...")?></p>
-<textarea name="CSR" cols="80" rows="15"></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
+<textarea name="CSR" cols="80" rows="15"></textarea><br />
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
+</form>
\ No newline at end of file
diff --git a/pages/account/22.php b/pages/account/22.php
index 9df8200..cb40cf2 100644
--- a/pages/account/22.php
+++ b/pages/account/22.php
@@ -19,16 +19,16 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="6" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+    <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
     <td class="DataTD"><?=_("Status")?></td>
     <td class="DataTD"><?=_("CommonName")?></td>
-	<td class="DataTD"><?=_("SerialNumber")?></td>
+    <td class="DataTD"><?=_("SerialNumber")?></td>
     <td class="DataTD"><?=_("Revoked")?></td>
     <td class="DataTD"><?=_("Expires")?></td>
-
+    <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
 <?
 	$query = "select UNIX_TIMESTAMP(`orgdomaincerts`.`created`) as `created`,
 			UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
@@ -36,7 +36,8 @@
 			`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
 			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
 			`orgdomaincerts`.`serial`,
-			 `orgdomaincerts`.`id` as `id`
+			`orgdomaincerts`.`id` as `id`,
+			`orgdomaincerts`.`description`
 			from `orgdomaincerts`,`org`
 			where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
 	if($viewall != 1)
@@ -51,7 +52,7 @@
 	{
 ?>
   <tr>
-    <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
+    <td colspan="8" class="DataTD"><?=_("No domains are currently listed.")?></td>
   </tr>
 <? } else {
 	while($row = mysql_fetch_assoc($res))
@@ -77,18 +78,26 @@
 <? } ?>
     <td class="DataTD"><?=$verified?></td>
     <td class="DataTD"><a href="account.php?id=23&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
-	<td class="DataTD"><?=$row['serial']?></td>
+    <td class="DataTD"><?=$row['serial']?></td>
     <td class="DataTD"><?=$row['revoke']?></td>
     <td class="DataTD"><?=$row['expires']?></td>
+    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+    <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
   </tr>
 <? } ?>
   <tr>
-    <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
-	    <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+    <td class="DataTD" colspan="8">
+      <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+    </td>
+  </tr>
+  <tr>
+    <td class="DataTD" colspan="6"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
+	    <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
+    <td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
   </tr>
 <? } ?>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
 <input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
 </form>
 <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/3.php b/pages/account/3.php
index 5590488..c2165c2 100644
--- a/pages/account/3.php
+++ b/pages/account/3.php
@@ -44,7 +44,7 @@
     <td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td>
     <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
   </tr>
-<? } 
+<? }
 if($_SESSION['profile']['points'] >= 50)
 {
 	$fname = $_SESSION['profile']['fname'];
@@ -52,40 +52,44 @@ if($_SESSION['profile']['points'] >= 50)
 	$lname = $_SESSION['profile']['lname'];
 	$suffix = $_SESSION['profile']['suffix'];
 ?>
-  <tr>
     <td class="DataTD" colspan="2" align="left">
-	<input type="radio" name="rootcert" value="1" checked> <?=_("Sign by class 1 root certificate")?><br>
-	<input type="radio" name="rootcert" value="2"> <?=_("Sign by class 3 root certificate")?><br>
-	<?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
+      <input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
+      <input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
+      <?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
     </td>
   </tr>
   <tr>
     <td class="DataTD" colspan="2" align="left">
-	<input type="radio" name="incname" value="0" checked> <?=_("No Name")?><br>
-<? if($fname && $lname) { ?><input type="radio" name="incname" value="1"> <?=_("Include")?> '<?=$fname." ".$lname?>'<br><? } ?>
-<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br><? } ?>
-<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3"> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br><? } ?>
-<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4"> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br><? } ?>
+      <input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br />
+      <? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?>
+      <? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?>
+      <? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?>
+      <? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?>
     </td>
   </tr>
-<? } ?> 
+<? } ?>
 <? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
   <tr>
     <td class="DataTD" align="left">
-	<input type="checkbox" name="codesign" value="1"> <?=_("Code Signing")?></td>
+      <input type="checkbox" name="codesign" value="1" /> <?=_("Code Signing")?></td>
     <td class="DataTD" align="left">
-	<?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
+      <?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?>
     </td>
   </tr>
 <? } ?>
 
   <tr>
     <td class="DataTD" colspan="2" align="left">
-      <input type="checkbox" name="login" value="1" checked="checked"> <?=_("Enable certificate login with this certificate")?><br>
+      <input type="checkbox" name="login" value="1" checked="checked" /> <?=_("Enable certificate login with this certificate")?><br />
       <?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/>
     </td>
   </tr>
-
+  <tr>
+   <td class="DataTD" colspan="2" align="left">
+      <?=_("Optional comment, only used in the certifictate overview max. 100 characters")?><br />
+       <input type="text" name="description" maxlength="100" size="100" />
+   </td>
+  </tr>
 
   <tr name="expertoff" style="display:none">
     <td class="DataTD" colspan="2" align="left">
@@ -95,12 +99,14 @@ if($_SESSION['profile']['points'] >= 50)
 
   <tr name="expert">
     <td class="DataTD" colspan="2" align="left">
-	<input type="radio" name="SSO" value="0" checked> <?=_("No Single Sign On ID")?><br>
-	<input type="radio" name="SSO" value="1"> <?=_("Add Single Sign On ID Information")?><br>
+	<input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br />
+	<input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br />
 	<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
 	<a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
     </td>
   </tr>
+
+
  <tr name="expert">
     <td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
  </tr>
@@ -108,10 +114,10 @@ if($_SESSION['profile']['points'] >= 50)
     <td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
  </tr>
  <tr>
-    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td>
   </tr>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
 </form>
 
 <script language="javascript">
diff --git a/pages/account/5.php b/pages/account/5.php
index 5c131ba..9607850 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -19,28 +19,29 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="7" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
+    <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
     <td class="DataTD"><?=_("Status")?></td>
     <td class="DataTD"><?=_("Email Address")?></td>
-	<td class="DataTD"><?=_("SerialNumber")?></td>
+    <td class="DataTD"><?=_("SerialNumber")?></td>
     <td class="DataTD"><?=_("Revoked")?></td>
     <td class="DataTD"><?=_("Expires")?></td>
     <td class="DataTD"><?=_("Login")?></td>
-
+    <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
 <?
 	$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
 			UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
 			UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
-			`emailcerts`.`expire` as `expires`, 
+			`emailcerts`.`expire` as `expires`,
 			`emailcerts`.`revoked` as `revoke`,
-			UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, 
+			UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
 			`emailcerts`.`id`,
 			`emailcerts`.`CN`,
 			`emailcerts`.`serial`,
-			emailcerts.disablelogin as `disablelogin`
+			`emailcerts`.`disablelogin` as `disablelogin`,
+			`emailcerts`.`description`
 			from `emailcerts`
 			where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
 			";
@@ -56,7 +57,7 @@
 	{
 ?>
   <tr>
-    <td colspan="7" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
+    <td colspan="10" class="DataTD"><?=_("No client certificates are currently listed.")?></td>
   </tr>
 <? } else {
 	while($row = mysql_fetch_assoc($res))
@@ -86,31 +87,39 @@
     <td class="DataTD"><?=$verified?></td>
     <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
 <? } ?>
-	<td class="DataTD"><?=$row['serial']?></td>
+    <td class="DataTD"><?=$row['serial']?></td>
     <td class="DataTD"><?=$row['revoke']?></td>
     <td class="DataTD"><?=$row['expires']?></td>
     <td class="DataTD">
       <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
-      <input type="hidden" name="cert_<?=$row['id']?>" value="1"/>
+      <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
     </td>
+    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+    <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
   </tr>
-<? } ?>
+    <? } ?>
   <tr>
-    <td class="DataTD" colspan="8">
+    <td class="DataTD" colspan="9">
       <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
     </td>
   </tr>
 
   <tr>
-    <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>">&#160;&#160;&#160;&#160;
-    			<input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
+    <td class="DataTD" colspan="9">
+      <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+    </td>
+  </tr>
 
-    <td class="DataTD" colspan="3"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+  <tr>
+    <td class="DataTD" colspan="5"><input type="submit" name="renew" value="<?=_("Renew")?>" />&#160;&#160;&#160;&#160;
+       <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>" /></td>
+
+    <td class="DataTD" colspan="4"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
 
   </tr>
 <? } ?>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
 <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
 </form>
 <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/6.php b/pages/account/6.php
index 38af8e8..ae72730 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -18,7 +18,24 @@
 <?
 	$certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
 
-	$query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+//	$query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+	$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+			UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+			UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+			`emailcerts`.`expire` as `expires`,
+			`emailcerts`.`revoked` as `revoke`,
+			UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+			`emailcerts`.`id`,
+			`emailcerts`.`CN`,
+			`emailcerts`.`serial`,
+			`emailcerts`.`disablelogin` as `disablelogin`,
+			`emailcerts`.`crt_name`,
+			`emailcerts`.`keytype`,
+			`emailcerts`.`description`
+			from `emailcerts`
+			where `emailcerts`.`id`='$certid' and `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'";
+
+
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
 	{
@@ -127,10 +144,73 @@
 
 <p><?=_("Your certificate:")?></p>
 <pre><?=$cert?></pre>
-<?
- 
-		showfooter();
-		exit;
-	}
-?>
 
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+	<tr>
+		<td colspan="2" class="title"><?=_("Information about the certificte")?></td>
+	</tr>
+<?
+	if($row['timeleft'] > 0)
+		$verified = _("Valid");
+	if($row['timeleft'] < 0)
+		$verified = _("Expired");
+	if($row['expired'] == 0)
+		$verified = _("Pending");
+	if($row['revoked'] > 0)
+		$verified = _("Revoked");
+	if($row['revoked'] == 0)
+		$row['revoke'] = _("Not Revoked");
+?>
+	<tr>
+		<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
+		<td class="DataTD"><input type="checkbox" name="revokeid[<?=$row['id']?>]" ></td>
+<? } else if($verified != _("Revoked")) { ?>
+		<td class="DataTD"><input type="checkbox" name="delid[<?=$row['id']?>]"></td>
+<? } else { ?>
+		<td class="DataTD">&nbsp;</td>
+<? } ?>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Status")?></td>
+		<td class="DataTD"><?=$verified?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Email Address")?></td>
+		<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("SerialNumber")?></td>
+		<td class="DataTD"><?=$row['serial']?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Revoked")?></td>
+		<td class="DataTD"><?=$row['revoke']?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Expires")?></td>
+		<td class="DataTD"><?=$row['expires']?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Login")?></td>
+		<td class="DataTD">
+			<input type="checkbox" name="disablelogin" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+		</td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Comment")?></td>
+		<td class="DataTD"><input type="text" name="description" maxlength="100" size=100 value="<?=htmlspecialchars($row['description'])?>"></td>
+	</tr>
+	<tr>
+		<td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
+	</tr>
+</table>
+<input type="hidden" name="oldid" value="6">
+<input type="hidden" name="certid" value="<?=$certid?>">
+</form>
+
+<?
+	showfooter();
+	exit;
+}
\ No newline at end of file
diff --git a/pages/account/8.php b/pages/account/8.php
index 6b3de01..79448d1 100644
--- a/pages/account/8.php
+++ b/pages/account/8.php
@@ -25,7 +25,7 @@
   if(is_array($_SESSION['_config']['addy']))
 	foreach($_SESSION['_config']['addy'] as $add) { ?>
   <tr>
-    <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?>></td>
+    <td class="DataTD" width="75"><input type="radio" name="authaddy" value="<?=$add?>"<? if($tagged == 0) { echo " checked=\"checked\""; $tagged = 1; } ?> /></td>
     <td class="DataTD" width="175"><?=$add?></td>
   </tr>
 <? } ?>
@@ -34,5 +34,5 @@
   </tr>
 </table>
 <input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" />
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
 </form>
diff --git a/pages/gpg/0.php b/pages/gpg/0.php
index ce3b72a..7c7a37b 100644
--- a/pages/gpg/0.php
+++ b/pages/gpg/0.php
@@ -19,7 +19,9 @@
 ?>
 <p><?=_("Paste your own public OpenPGP key below. It should not contain a picture. CAcert will sign your key after submission.")?></p>
 <form method="post" action="gpg.php">
-<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br>
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<p><?=_("Optional comment, only used in the certifictate overview")?><br />
+       <input type="text" name="description" maxlength="80" size=80 /></p>
+<textarea name="CSR" cols="80" rows="15"><?=array_key_exists('CSR',$_POST)?strip_tags($_POST['CSR']):""?></textarea><br />
+<input type="submit" name="process" value="<?=_("Submit")?>" />
+<input type="hidden" name="oldid" value="<?=$id?>" />
 </form>
diff --git a/pages/gpg/2.php b/pages/gpg/2.php
index e10935e..cc8a872 100644
--- a/pages/gpg/2.php
+++ b/pages/gpg/2.php
@@ -15,29 +15,30 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+<form method="post" action="gpg.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="5" class="title"><?=_("OpenPGP Keys")?></td>
+    <td colspan="6" class="title"><?=_("OpenPGP Keys")?></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Status")?></td>
     <td class="DataTD"><?=_("Email Address")?></td>
     <td class="DataTD"><?=_("Expires")?></td>
     <td class="DataTD"><?=_("Key ID")?></td>
-
+    <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
 <?
 	$query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
 			UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
 			UNIX_TIMESTAMP(`expire`) as `expired`,
-			`expire` as `expires`, `id`, `level`, 
-			`email`,`keyid` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
+			`expire` as `expires`, `id`, `level`,
+			`email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
 			ORDER BY `issued` desc";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
 	{
 ?>
   <tr>
-    <td colspan="5" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
+    <td colspan="6" class="DataTD"><?=_("No OpenPGP keys are currently listed.")?></td>
   </tr>
 <? } else {
 	while($row = mysql_fetch_assoc($res))
@@ -62,10 +63,19 @@
 <? } ?>
     <td class="DataTD"><?=$row['expires']?></td>
     <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
-
+    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+    <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
   </tr>
 <? } ?>
 <? } ?>
+  <tr>
+    <td class="DataTD" colspan="6">
+      <?=_('* Comment is NOT included in the certificate as it is intended for your personal reference only. To change the comment tick the checkbox and hit "Change Settings".')?>
+    </td>
+  </tr>
+  <tr>
+    <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
+  </tr>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=$id?>" />
 </form>
diff --git a/www/gpg.php b/www/gpg.php
index 345b559..317072c 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -52,7 +52,7 @@ if(0)
   {
     showheader(_("Welcome to CAcert.org"));
     echo "The OpenPGP signing system is currently shutdown due to a maintenance. We hope to get it fixed within the next few hours. We are very sorry for the inconvenience.";
-  
+
     exit(0);
   }
 }
@@ -143,7 +143,7 @@ function verifyEmail($email)
 			$uidformatwrong=0;
 
 			if(sizeof($bits)<10) $uidformatwrong=1;
-			
+
 			if(preg_match("/\@.*\@/",$bits[9]))
 			{
 				showheader(_("Welcome to CAcert.org"));
@@ -251,7 +251,6 @@ function verifyEmail($email)
 		}
 		$resulttable.="</table>";
 
-
 		if($nok==0)
 		{
 			showheader(_("Welcome to CAcert.org"));
@@ -275,12 +274,20 @@ function verifyEmail($email)
 
 	if($oldid == "0" && $CSR != "")
 	{
+		//set variable for comment
+		if(trim($_REQUEST['description']) == ""){
+			$description= "";
+		}else{
+			$description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
+		}
+
 		$query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."',
 						`email`='".mysql_real_escape_string($lastvalidemail)."',
 						`level`='1',
 						`expires`='".mysql_real_escape_string($expires)."',
 						`multiple`='".mysql_real_escape_string($multiple)."',
-						`keyid`='".mysql_real_escape_string($keyid)."'";
+						`keyid`='".mysql_real_escape_string($keyid)."',
+						`description`='".mysql_real_escape_string($description)."'";
 		mysql_query($query);
 		$id = mysql_insert_id();
 
@@ -334,7 +341,7 @@ function verifyEmail($email)
 				}
 
 				$mail="";
-	                        if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
+				if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) {
 					//echo "Found: ".$match[1];
 					$mail = trim(hex2bin($match[1]));
 				}
@@ -342,7 +349,7 @@ function verifyEmail($email)
 				{
 					//echo "Not found!\n";
 				}
-	
+
 				$emailok=verifyEmail($mail);
 
 				$uidid=$bits[7];
@@ -384,95 +391,89 @@ function verifyEmail($email)
 			}
 		}
 
+		if(count($ToBeDeleted)>0)
+		{
+			$descriptorspec = array(
+				0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
+				1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
+				2 => array("pipe", "w") // stderr is a file to write to
+			);
 
+			$stderr = fopen('php://stderr', 'w');
 
+			//echo "Keyid: $keyid\n";
 
-        if(count($ToBeDeleted)>0)
-	{
+			$process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
 
+			//echo "Process: $process\n";
+			//fputs($stderr,"Process: $process\n");
 
-		$descriptorspec = array(
-			0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
-			1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
-			2 => array("pipe", "w") // stderr is a file to write to
-		);
- 
-		$stderr = fopen('php://stderr', 'w'); 
+			if (is_resource($process)) {
+			//echo("it is a resource\n");
+			// $pipes now looks like this:
+			// 0 => writeable handle connected to child stdin
+			// 1 => readable handle connected to child stdout
+			// Any error output will be appended to /tmp/error-output.txt
+				while (!feof($pipes[1]))
+				{
+					$buffer = fgets($pipes[1], 4096);
+					//echo $buffer;
 
-
-		//echo "Keyid: $keyid\n";
-
-		$process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
- 
-		//echo "Process: $process\n";
-		//fputs($stderr,"Process: $process\n");
-
-		if (is_resource($process)) {
-		//echo("it is a resource\n");
-		// $pipes now looks like this:
-		// 0 => writeable handle connected to child stdin
-		// 1 => readable handle connected to child stdout
-		// Any error output will be appended to /tmp/error-output.txt
-			while (!feof($pipes[1])) 
+			if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
 			{
-				$buffer = fgets($pipes[1], 4096);
-				//echo $buffer;
-
-      if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
-      {
-        fputs($pipes[0],"yes\n");
-      }
-      elseif($buffer == "[GNUPG:] GOT_IT\n")
-      {
-      }
-      elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
-      {
-        fputs($pipes[0],"yes\n");
-      }
-      elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
-      {
-        if(count($ToBeDeleted)>0)
-        {
-	  $delthisuid=array_pop($ToBeDeleted);
-	  //echo "Deleting an UID $delthisuid\n";
-          fputs($pipes[0],"uid ".$delthisuid."\n");
-        }
-        else
-        {
-	  //echo "Saving\n";
-          fputs($pipes[0],$state?"save\n":"deluid\n");
-          $state++;
-        }
-      }
-      elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
-      {
-      }
-      elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
-      {
-        echo "Key expired!\n";
-	exit;
-      }
-      elseif($buffer == "")
-      {
-        //echo "Empty!\n";
-      }
-      else
-      {
-        echo "ERROR: UNKNOWN $buffer\n";
-      }
+				fputs($pipes[0],"yes\n");
+			}
+			elseif($buffer == "[GNUPG:] GOT_IT\n")
+			{
+			}
+			elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
+			{
+				fputs($pipes[0],"yes\n");
+			}
+			elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
+			{
+				if(count($ToBeDeleted)>0)
+				{
+					$delthisuid=array_pop($ToBeDeleted);
+					//echo "Deleting an UID $delthisuid\n";
+					fputs($pipes[0],"uid ".$delthisuid."\n");
+				}
+				else
+				{
+					//echo "Saving\n";
+					fputs($pipes[0],$state?"save\n":"deluid\n");
+					$state++;
+				}
+			}
+			elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
+			{
+			}
+			elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
+			{
+				echo "Key expired!\n";
+				exit;
+			}
+			elseif($buffer == "")
+			{
+				//echo "Empty!\n";
+			}
+			else
+			{
+				echo "ERROR: UNKNOWN $buffer\n";
+			}
 
 
 			}
 			//echo "Fertig\n";
 			fclose($pipes[0]);
- 
+
 			//echo stream_get_contents($pipes[1]);
 			fclose($pipes[1]);
- 
+
 			// It is important that you close any pipes before calling
 			// proc_close in order to avoid a deadlock
 			$return_value = proc_close($process);
- 
+
 			//echo "command returned $return_value\n";
 		}
 		else
@@ -508,6 +509,23 @@ function verifyEmail($email)
 		exit;
 	}
 
+	if($oldid == 2 && array_key_exists('change',$_REQUEST) && $_REQUEST['change'] != "")
+	{
+		showheader(_("My CAcert.org Account!"));
+		foreach($_REQUEST as $id => $val)
+		{
+			if(substr($id,0,14)=="check_comment_")
+			{
+				$cid = intval(substr($id,14));
+				$comment=trim(mysql_real_escape_string(stripslashes($_REQUEST['comment_'.$cid])));
+				mysql_query("update `gpg` set `description`='$comment' where `id`='$cid' and `memid`='".$_SESSION['profile']['id']."'");
+			}
+		}
+		echo(_("Certificate settings have been changed.")."<br/>\n");
+		showfooter();
+		exit;
+	}
+
 	$id = intval($id);
 
 	showheader(_("Welcome to CAcert.org"));