diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
index 96d8b72e4..21e29ac61 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
@@ -254,16 +254,16 @@ class FirmwareController extends ApiControllerBase
             } elseif (array_key_exists('connection', $response) && $response['connection'] == 'timeout') {
                 $response['status_msg'] = gettext('Timeout while connecting to the selected mirror.');
                 $response['status'] = 'error';
-            } elseif (array_key_exists('connection', $response) && $response['connection'] == 'untrusted') {
-                $response['status_msg'] = gettext('Could not verify the repository fingerprint.');
-                $response['status'] = 'error';
-            } elseif (array_key_exists('connection', $response) && $response['connection'] == 'revoked') {
-                $response['status_msg'] = gettext('The repository fingerprint has been revoked.');
-                $response['status'] = 'error';
             } elseif (array_key_exists('connection', $response) && $response['connection'] != 'ok') {
                 $response['status_msg'] = gettext('An error occurred while connecting to the selected mirror.');
                 $response['status'] = 'error';
-            } elseif (array_key_exists('repository', $response) && $response['repository'] == 'error') {
+            } elseif (array_key_exists('repository', $response) && $response['repository'] == 'untrusted') {
+                $response['status_msg'] = gettext('Could not verify the repository fingerprint.');
+                $response['status'] = 'error';
+            } elseif (array_key_exists('repository', $response) && $response['repository'] == 'revoked') {
+                $response['status_msg'] = gettext('The repository fingerprint has been revoked.');
+                $response['status'] = 'error';
+            } elseif (array_key_exists('repository', $response) && $response['repository'] != 'ok') {
                 $response['status_msg'] = gettext('Could not find the repository on the selected mirror.');
                 $response['status'] = 'error';
             } elseif (array_key_exists('updates', $response) && $response['updates'] == 0) {
diff --git a/src/opnsense/scripts/firmware/check.sh b/src/opnsense/scripts/firmware/check.sh
index c645d750b..2e0094562 100755
--- a/src/opnsense/scripts/firmware/check.sh
+++ b/src/opnsense/scripts/firmware/check.sh
@@ -26,8 +26,8 @@
 # POSSIBILITY OF SUCH DAMAGE.
 
 # This script generates a json structured file with the following content:
-# connection: error|timeout|unauthenticated|untrusted|revoked|misconfigured|unresolved|busy|ok
-# repository: error|ok
+# connection: error|timeout|unauthenticated|misconfigured|unresolved|busy|ok
+# repository: error|untrusted|revoked|ok
 # last_ckeck: <date_time_stamp>
 # updates: <num_of_updates>
 # download_size: <size_of_total_downloads>
@@ -100,12 +100,14 @@ if [ "$pkg_running" == "" ]; then
           timer=0
         elif grep -q 'No trusted public keys found' $tmp_pkg_update_file; then
           # fingerprint mismatch
-          connection="untrusted"
+          repository="untrusted"
+          connection="ok"
           timer=0
         # XXX two space typo here in pkg:
         elif grep -q 'At least one of the  certificates has been revoked' $tmp_pkg_update_file; then
           # fingerprint mismatch
-          connection="revoked"
+          repository="revoked"
+          connection="ok"
           timer=0
         fi
       fi