Store information if certificate is valid and list of exceptions.
Description
Each time when user try to connect certificate should be checked if is valid/revoked. In case when certificate becomes invalid there is no need to make that check again, as it can't become valid again. Also it can be useful to display validity of certificate. The same goes for list of exceptions so user will not have to exempt certificates each time when he try to connect.
I am thinking that my original idea indeed might be a bit too complicated for user. I am thinking that I should kick out trust/distrust buttons and left only adding certificate to exceptions. Accept all valid certificate by default, don't accept invalid unless exempted. If someone want to distrust valid certificate then I would left for him only deleting it.
Minor
Each time when user try to connect certificate should be checked if is valid/revoked. In case when certificate becomes invalid there is no need to make that check again, as it can't become valid again. Also it can be useful to display validity of certificate. The same goes for list of exceptions so user will not have to exempt certificates each time when he try to connect.