Applets are normally not placed on secure sites, because it can be signed itself. So a trusted server is not necessary. However if you place an applet on a secure site and here comes the problem that browser throws that warming message: "The page contains insecure elements. Do you want to display the insecure elements" To get rid of this, you have to load the applet from the https-URL. But then, the java-plugin complains about an invalid certificate. The certificate contains subject-alt-names which are correctly honored by all browsers like IE and Firefox. Only the applet suddenly complains that the name in the certificate would not match the server name. It might be a bug in sun.plugin.security.CertificateHostnameVerifyer.java The hostname is compared with the subject common name of the subject, but subjectAltName-Extensions of the certificate are plainly ignored. Other special cases are also missing, like subject name "*.example.com". This behavior can be seen in all java versions. But the implementation in JSSE is correct, so new URL("https://example.com/").openStream() works flawlessly with SAN and wildcard certificates. Should be simple to port the cert check routine from jsse to deployment. com.sun.deploy.security.CertificateHostnameVerifier.java (located in the JDK source under: deploy/src/common/classes)