diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractCommonHostnameVerifier.java b/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractCommonHostnameVerifier.java
index 79e16e77b..49739eae3 100644
--- a/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractCommonHostnameVerifier.java
+++ b/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractCommonHostnameVerifier.java
@@ -50,6 +50,7 @@
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSession;
+import javax.security.auth.x500.X500Principal;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -106,8 +107,8 @@ public final boolean verify(final String host, final SSLSession session) {
 
     public final void verify(
             final String host, final X509Certificate cert) throws SSLException {
-        final String subjectPrincipal = cert.getSubjectX500Principal().toString();
-        final String[] cns = extractCNs(subjectPrincipal);
+        final X500Principal subjectPrincipal = cert.getSubjectX500Principal();
+        final String[] cns = extractCNs(subjectPrincipal.getName(X500Principal.RFC2253));
         final String[] subjectAlts = extractSubjectAlts(cert, host);
         verify(host, cns, subjectAlts);
     }