Maybe something like a green check mark in the top corner of the dialog and a wording like "The certificate was validated with the system CA store, but your settings indicate you want to review unkown/changed certificates." For the other case it could use something like a stop sign and a description Why you bring up the certificate to verification (unknown CA/expired/mismatch between hostname and hostnames in certificate...)