diff --git a/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java b/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java
index 6d2ac04e..02e44bdb 100644
--- a/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java
+++ b/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java
@@ -30,7 +30,7 @@
 public class CertificateNotTrustedException extends AuthTokenException {
 
     public CertificateNotTrustedException(X509Certificate certificate, Throwable e) {
-        super("Certificate " + certificate.getSubjectDN() + " is not trusted", e);
+        super("Certificate " + certificate.getSubjectX500Principal() + " is not trusted", e);
     }
 
 }
diff --git a/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java b/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java
index aef92803..9122ee67 100644
--- a/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java
+++ b/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java
@@ -77,7 +77,7 @@ public AuthTokenValidatorBuilder withTrustedCertificateAuthorities(X509Certifica
         if (LOG.isDebugEnabled()) {
             LOG.debug("Trusted intermediate certificate authorities set to {}",
                 configuration.getTrustedCACertificates().stream()
-                    .map(X509Certificate::getSubjectDN)
+                    .map(X509Certificate::getSubjectX500Principal)
                     .collect(Collectors.toList()));
         }
         return this;
diff --git a/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java b/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java
index 6683ce11..0dc4fda5 100644
--- a/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java
+++ b/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java
@@ -58,7 +58,7 @@ public static void validateHasSigningExtension(X509Certificate certificate) thro
         Objects.requireNonNull(certificate, "certificate");
         try {
             if (certificate.getExtendedKeyUsage() == null || !certificate.getExtendedKeyUsage().contains(OID_OCSP_SIGNING)) {
-                throw new OCSPCertificateException("Certificate " + certificate.getSubjectDN() +
+                throw new OCSPCertificateException("Certificate " + certificate.getSubjectX500Principal() +
                     " does not contain the key usage extension for OCSP response signing");
             }
         } catch (CertificateParsingException e) {