diff --git a/controller/dataplane/controller_utils.go b/controller/dataplane/controller_utils.go
index fe1f25a77..83b0ee36e 100644
--- a/controller/dataplane/controller_utils.go
+++ b/controller/dataplane/controller_utils.go
@@ -326,21 +326,21 @@ func applyExtensions(ctx context.Context, cl client.Client, logger logr.Logger,
 		return false, false, nil
 	}
 	condition := k8sutils.NewConditionWithGeneration(consts.ResolvedRefsType, metav1.ConditionTrue, consts.ResolvedRefsReason, "", dataplane.GetGeneration())
-	err = applyDataPlaneKonnectExtension(ctx, cl, dataplane)
+	message, err := applyDataPlaneKonnectExtension(ctx, cl, dataplane)
 	if err != nil {
 		switch {
 		case errors.Is(err, ErrCrossNamespaceReference):
 			condition.Status = metav1.ConditionFalse
 			condition.Reason = string(consts.RefNotPermittedReason)
-			condition.Message = consts.RefNotPermittedMessage
+			condition.Message = message
 		case errors.Is(err, ErrKonnectExtensionNotFound):
 			condition.Status = metav1.ConditionFalse
 			condition.Reason = string(consts.InvalidExtensionRefReason)
-			condition.Message = consts.InvalidExtensionRefMessage
+			condition.Message = message
 		case errors.Is(err, ErrClusterCertificateNotFound):
 			condition.Status = metav1.ConditionFalse
 			condition.Reason = string(consts.InvalidSecretRefReason)
-			condition.Message = consts.InvalidSecretRefMessage
+			condition.Message = message
 		default:
 			return patched, true, err
 		}
diff --git a/controller/dataplane/konnect_extension.go b/controller/dataplane/konnect_extension.go
index 6365c037b..4a27270d4 100644
--- a/controller/dataplane/konnect_extension.go
+++ b/controller/dataplane/konnect_extension.go
@@ -3,6 +3,7 @@ package dataplane
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"github.com/samber/lo"
 	appsv1 "k8s.io/api/apps/v1"
@@ -29,14 +30,14 @@ var (
 
 // applyDataPlaneKonnectExtension gets the DataPlane as argument, and in case it references a KonnectExtension, it
 // fetches the referenced extension and applies the necessary changes to the DataPlane spec.
-func applyDataPlaneKonnectExtension(ctx context.Context, cl client.Client, dataplane *v1beta1.DataPlane) error {
+func applyDataPlaneKonnectExtension(ctx context.Context, cl client.Client, dataplane *v1beta1.DataPlane) (string, error) {
 	for _, extensionRef := range dataplane.Spec.Extensions {
 		if extensionRef.Group != operatorv1alpha1.SchemeGroupVersion.Group || extensionRef.Kind != operatorv1alpha1.DataPlaneKonnectExtensionKind {
 			continue
 		}
 		namespace := dataplane.Namespace
 		if extensionRef.Namespace != nil && *extensionRef.Namespace != namespace {
-			return ErrCrossNamespaceReference
+			return fmt.Sprintf("The cross-namespace reference to the extension %s/%s is not permitted", *extensionRef.Namespace, extensionRef.Name), ErrCrossNamespaceReference
 		}
 
 		konnectExt := operatorv1alpha1.DataPlaneKonnectExtension{}
@@ -45,9 +46,9 @@ func applyDataPlaneKonnectExtension(ctx context.Context, cl client.Client, datap
 			Name:      extensionRef.Name,
 		}, &konnectExt); err != nil {
 			if k8serrors.IsNotFound(err) {
-				return ErrKonnectExtensionNotFound
+				return fmt.Sprintf("The extension %s/%s referenced by the DataPlane is not found", namespace, extensionRef.Name), ErrKonnectExtensionNotFound
 			} else {
-				return err
+				return "", err
 			}
 		}
 
@@ -57,9 +58,9 @@ func applyDataPlaneKonnectExtension(ctx context.Context, cl client.Client, datap
 			Name:      konnectExt.Spec.AuthConfiguration.ClusterCertificateSecretRef.Name,
 		}, &secret); err != nil {
 			if k8serrors.IsNotFound(err) {
-				return ErrClusterCertificateNotFound
+				return fmt.Sprintf("The cluster certificate secret %s/%s referenced by the extension %s/%s is not found", namespace, konnectExt.Spec.AuthConfiguration.ClusterCertificateSecretRef.Name, namespace, extensionRef.Name), ErrClusterCertificateNotFound
 			} else {
-				return err
+				return "", err
 			}
 		}
 
@@ -93,7 +94,7 @@ func applyDataPlaneKonnectExtension(ctx context.Context, cl client.Client, datap
 		dputils.FillDataPlaneProxyContainerEnvs(nil, &d.Spec.Template, envSet)
 		dataplane.Spec.Deployment.PodTemplateSpec = &d.Spec.Template
 	}
-	return nil
+	return "", nil
 }
 
 func kongInKonnectClusterCertVolume(secretName string) corev1.Volume {
diff --git a/controller/dataplane/konnect_extension_test.go b/controller/dataplane/konnect_extension_test.go
index 780b17466..84bff9848 100644
--- a/controller/dataplane/konnect_extension_test.go
+++ b/controller/dataplane/konnect_extension_test.go
@@ -34,6 +34,7 @@ func TestApplyDataPlaneKonnectExtension(t *testing.T) {
 		konnectExt    *operatorv1alpha1.DataPlaneKonnectExtension
 		secret        *corev1.Secret
 		expectedError error
+		message       string
 	}{
 		{
 			name: "no extensions",
@@ -90,6 +91,7 @@ func TestApplyDataPlaneKonnectExtension(t *testing.T) {
 				},
 			},
 			expectedError: ErrCrossNamespaceReference,
+			message:       "The cross-namespace reference to the extension other/konnect-ext is not permitted",
 		},
 		{
 			name: "Extension not found",
@@ -117,6 +119,7 @@ func TestApplyDataPlaneKonnectExtension(t *testing.T) {
 				},
 			},
 			expectedError: ErrKonnectExtensionNotFound,
+			message:       "The extension default/konnect-ext referenced by the DataPlane is not found",
 		},
 		{
 			name: "Extension properly referenced, secret not found",
@@ -162,6 +165,7 @@ func TestApplyDataPlaneKonnectExtension(t *testing.T) {
 				},
 			},
 			expectedError: ErrClusterCertificateNotFound,
+			message:       "The cluster certificate secret default/cluster-cert-secret referenced by the extension default/konnect-ext is not found",
 		},
 		{
 			name: "Extension properly referenced, no deployment Options set.",
@@ -291,7 +295,8 @@ func TestApplyDataPlaneKonnectExtension(t *testing.T) {
 			cl := fake.NewClientBuilder().WithScheme(s).WithRuntimeObjects(objs...).Build()
 
 			dataplane := tt.dataplane.DeepCopy()
-			err := applyDataPlaneKonnectExtension(context.Background(), cl, dataplane)
+			message, err := applyDataPlaneKonnectExtension(context.Background(), cl, dataplane)
+			require.Equal(t, tt.message, message)
 			if tt.expectedError != nil {
 				require.ErrorIs(t, err, tt.expectedError)
 			} else {
diff --git a/pkg/consts/status.go b/pkg/consts/status.go
index fd9e4bf8f..469243da3 100644
--- a/pkg/consts/status.go
+++ b/pkg/consts/status.go
@@ -51,11 +51,4 @@ const (
 	InvalidExtensionRefReason ConditionReason = "InvalidExtension"
 	// InvalidSecretRefReason is a generic reason describing that the secret reference is invalid. It must be used when the ResolvedRefs condition is set to False.
 	InvalidSecretRefReason ConditionReason = "InvalidSecret"
-
-	// RefNotPermittedMessage indicates the reference is not permitted. It must be used when the ResolvedRefs condition is set to False.
-	RefNotPermittedMessage = "The extension cross-namespace reference is not permitted"
-	// InvalidExtensionRefMessage indicates the extension reference is invalid. It must be used when the ResolvedRefs condition is set to False.
-	InvalidExtensionRefMessage = "The referenced extension is invalid"
-	// InvalidSecretRefMessage indicates the secret reference is invalid. It must be used when the ResolvedRefs condition is set to False.
-	InvalidSecretRefMessage = "The secret referenced by the konnectExtension is invalid"
 )