Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. This add-on reveals when certificates are updated, so you can ensure it was a legitimate change.
Here is a little more information about this great add-on:
Your web browser trusts a lot of certification authorities and chained sub-authorities, and it does so blindly. “Subordinate or intermediate certification authorities” are a little known device: The root CAs in your browser can delegate permission to issue certificates to an unlimited amount of subordinate CAs (SCA) just by signing their certificate, not by borrowing their precious private key to them. You can even buy yourself such a CA from GeoTrust or elsewhere.
Interested in giving Certificate Patrol a shot? You can pick it up at the Firefox Add-ons website.