diff --git a/nss-moz1458518.patch b/nss-moz1458518.patch
new file mode 100644
index 0000000..516d756
--- /dev/null
+++ b/nss-moz1458518.patch
@@ -0,0 +1,33 @@
+
+# HG changeset patch
+# User Robert Relyea <rrelyea@redhat.com>
+# Date 1525268789 -7200
+# Node ID 2f1ee2b8f7a65ecae1a84c02dcf0167ce3b57ab4
+# Parent  5a210945d2486d6443556ec578b22c05949e1049
+Bug 1458518, Nicknames of existing certificates in NSS SQL DB should remain unchanged on repeated import attempts, r=kaie
+
+diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c
+--- a/lib/dev/devtoken.c
++++ b/lib/dev/devtoken.c
+@@ -523,17 +523,19 @@ nssToken_ImportCertificate(
+         }
+         /* according to PKCS#11, label, ID, issuer, and serial number
+          * may change after the object has been created.  For PKIX, the
+          * last two attributes can't change, so for now we'll only worry
+          * about the first two.
+          */
+         NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
+         NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
+-        NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
++        if (!rvObject->label && nickname) {
++            NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
++        }
+         NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
+         /* reset the mutable attributes on the token */
+         nssCKObject_SetAttributes(rvObject->handle,
+                                   cert_tmpl, ctsize,
+                                   session, slot);
+         if (!rvObject->label && nickname) {
+             rvObject->label = nssUTF8_Duplicate(nickname, NULL);
+         }
+