diff --git a/android-test/src/androidDeviceTest/java/okhttp/android/test/OkHttpTest.kt b/android-test/src/androidDeviceTest/java/okhttp/android/test/OkHttpTest.kt
index 8eaf809ef98c..9aa906907907 100644
--- a/android-test/src/androidDeviceTest/java/okhttp/android/test/OkHttpTest.kt
+++ b/android-test/src/androidDeviceTest/java/okhttp/android/test/OkHttpTest.kt
@@ -523,7 +523,7 @@ class OkHttpTest {
       assertTrue(tlsVersion == TlsVersion.TLS_1_2 || tlsVersion == TlsVersion.TLS_1_3)
       assertEquals(
         "CN=localhost",
-        (response.handshake!!.peerCertificates.first() as X509Certificate).subjectDN.name,
+        (response.handshake!!.peerCertificates.first() as X509Certificate).subjectX500Principal.name,
       )
     }
   }
diff --git a/okhttp-tls/src/test/java/okhttp3/tls/HandshakeCertificatesTest.kt b/okhttp-tls/src/test/java/okhttp3/tls/HandshakeCertificatesTest.kt
index 658d0954f6cd..0b469a51fe89 100644
--- a/okhttp-tls/src/test/java/okhttp3/tls/HandshakeCertificatesTest.kt
+++ b/okhttp-tls/src/test/java/okhttp3/tls/HandshakeCertificatesTest.kt
@@ -159,7 +159,7 @@ class HandshakeCertificatesTest {
     val acceptedIssuers = handshakeCertificates.trustManager.acceptedIssuers
     val names =
       acceptedIssuers
-        .map { it.subjectDN.name }
+        .map { it.subjectX500Principal.name }
         .toSet()
 
     // It's safe to assume all platforms will have a major Internet certificate issuer.
diff --git a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/CertificatePinner.kt b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/CertificatePinner.kt
index 925502aceacb..0d5c6f641f7c 100644
--- a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/CertificatePinner.kt
+++ b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/CertificatePinner.kt
@@ -196,7 +196,7 @@ class CertificatePinner internal constructor(
           append("\n    ")
           append(pin(element))
           append(": ")
-          append(element.subjectDN.name)
+          append(element.subjectX500Principal.name)
         }
         append("\n  Pinned certificates for ")
         append(hostname)
diff --git a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/Handshake.kt b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/Handshake.kt
index 4c61fc4b7bf6..6bf313ef5a2e 100644
--- a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/Handshake.kt
+++ b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/Handshake.kt
@@ -139,7 +139,7 @@ class Handshake internal constructor(
   private val Certificate.name: String
     get() =
       when (this) {
-        is X509Certificate -> subjectDN.toString()
+        is X509Certificate -> subjectX500Principal.toString()
         else -> type
       }
 
diff --git a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/HttpUrl.kt b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/HttpUrl.kt
index 646c698437e2..a1fba2503919 100644
--- a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/HttpUrl.kt
+++ b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/HttpUrl.kt
@@ -383,6 +383,7 @@ class HttpUrl private constructor(
     get() = scheme == "https"
 
   /** Returns this URL as a [java.net.URL][URL]. */
+  @Suppress("deprecation")
   @JvmName("url")
   fun toUrl(): URL {
     try {
diff --git a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/connection/ConnectPlan.kt b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/connection/ConnectPlan.kt
index e90421ccdc44..9847db21293d 100644
--- a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/connection/ConnectPlan.kt
+++ b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/connection/ConnectPlan.kt
@@ -363,7 +363,7 @@ class ConnectPlan internal constructor(
             """
             |Hostname ${address.url.host} not verified:
             |    certificate: ${CertificatePinner.pin(cert)}
-            |    DN: ${cert.subjectDN.name}
+            |    DN: ${cert.subjectX500Principal.name}
             |    subjectAltNames: ${OkHostnameVerifier.allSubjectAltNames(cert)}
             """.trimMargin(),
           )
diff --git a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/tls/BasicCertificateChainCleaner.kt b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/tls/BasicCertificateChainCleaner.kt
index ca9d3f14b192..18a03f932f16 100644
--- a/okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/tls/BasicCertificateChainCleaner.kt
+++ b/okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/tls/BasicCertificateChainCleaner.kt
@@ -109,7 +109,7 @@ class BasicCertificateChainCleaner(
     signingCert: X509Certificate,
     minIntermediates: Int,
   ): Boolean {
-    if (toVerify.issuerDN != signingCert.subjectDN) {
+    if (toVerify.issuerX500Principal != signingCert.subjectX500Principal) {
       return false
     }
     if (signingCert.basicConstraints < minIntermediates) {
diff --git a/okhttp/src/jvmTest/kotlin/okhttp3/CallKotlinTest.kt b/okhttp/src/jvmTest/kotlin/okhttp3/CallKotlinTest.kt
index 887a209f8f77..dc6e8aac6462 100644
--- a/okhttp/src/jvmTest/kotlin/okhttp3/CallKotlinTest.kt
+++ b/okhttp/src/jvmTest/kotlin/okhttp3/CallKotlinTest.kt
@@ -95,7 +95,7 @@ class CallKotlinTest {
       assertEquals(200, response.code)
       assertEquals(
         "CN=localhost",
-        (response.handshake!!.peerCertificates.single() as X509Certificate).subjectDN.name,
+        (response.handshake!!.peerCertificates.single() as X509Certificate).subjectX500Principal.name,
       )
     }
   }
diff --git a/okhttp/src/jvmTest/kotlin/okhttp3/URLConnectionTest.kt b/okhttp/src/jvmTest/kotlin/okhttp3/URLConnectionTest.kt
index 5b85f6384bba..9d2af0fc6410 100644
--- a/okhttp/src/jvmTest/kotlin/okhttp3/URLConnectionTest.kt
+++ b/okhttp/src/jvmTest/kotlin/okhttp3/URLConnectionTest.kt
@@ -4509,7 +4509,7 @@ class URLConnectionTest {
     private fun certificatesToString(certificates: Array<X509Certificate>): String {
       val result: MutableList<String> = ArrayList()
       for (certificate in certificates) {
-        result.add(certificate.subjectDN.toString() + " " + certificate.serialNumber)
+        result.add(certificate.subjectX500Principal.toString() + " " + certificate.serialNumber)
       }
       return result.toString()
     }
diff --git a/samples/guide/src/main/java/okhttp3/recipes/kt/CustomTrust.kt b/samples/guide/src/main/java/okhttp3/recipes/kt/CustomTrust.kt
index ddd34d1d93dd..89d7e8dc8378 100644
--- a/samples/guide/src/main/java/okhttp3/recipes/kt/CustomTrust.kt
+++ b/samples/guide/src/main/java/okhttp3/recipes/kt/CustomTrust.kt
@@ -171,7 +171,7 @@ class CustomTrust {
         println(response.body.string())
 
         for (peerCertificate in response.handshake?.peerCertificates.orEmpty()) {
-          println((peerCertificate as X509Certificate).subjectDN)
+          println((peerCertificate as X509Certificate).subjectX500Principal)
         }
       }
   }