diff --git a/core/java/src/net/i2p/crypto/CertUtil.java b/core/java/src/net/i2p/crypto/CertUtil.java
index 359ce7aac..aa484a522 100644
--- a/core/java/src/net/i2p/crypto/CertUtil.java
+++ b/core/java/src/net/i2p/crypto/CertUtil.java
@@ -18,6 +18,7 @@ import net.i2p.I2PAppContext;
 import net.i2p.data.Base64;
 import net.i2p.util.Log;
 import net.i2p.util.SecureFileOutputStream;
+import net.i2p.util.SystemVersion;
 
 /**
  *  Java X.509 certificate utilities, consolidated from various places.
@@ -65,11 +66,18 @@ public class CertUtil {
     }
 
     /**
-     *  Get a value out of the subject distinguished name
+     *  Get a value out of the subject distinguished name.
+     *
+     *  Warning - unsupported in Android (no javax.naming), returns null.
+     *
      *  @param type e.g. "CN"
      *  @return value or null if not found
      */
     public static String getSubjectValue(X509Certificate cert, String type) {
+        if (SystemVersion.isAndroid()) {
+            error("Don't call this in Android", new UnsupportedOperationException("I did it"));
+            return null;
+        }
         type = type.toUpperCase(Locale.US);
         X500Principal p = cert.getSubjectX500Principal();
         String subj = p.getName();
diff --git a/core/java/src/net/i2p/crypto/DirKeyRing.java b/core/java/src/net/i2p/crypto/DirKeyRing.java
index 6085694ea..38ba45bf8 100644
--- a/core/java/src/net/i2p/crypto/DirKeyRing.java
+++ b/core/java/src/net/i2p/crypto/DirKeyRing.java
@@ -14,9 +14,11 @@ import java.security.PublicKey;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
+import net.i2p.util.SystemVersion;
+
 /**
- *  Dumb storage in a directory for testing.
- *  No sanitization of filenames, unsafe.
+ *  Simple storage of each cert in a separate file in a directory.
+ *  Limited sanitization of filenames.
  *
  *  @since 0.9.9
  */
@@ -30,7 +32,9 @@ class DirKeyRing implements KeyRing {
 
     /**
      *  Cert must be in the file (escaped keyName).crt,
-     *  and have a CN == keyName
+     *  and have a CN == keyName.
+     *
+     *  CN check unsupported on Android.
      */
     public PublicKey getKey(String keyName, String scope, SigType type)
                             throws GeneralSecurityException, IOException {
@@ -49,14 +53,21 @@ class DirKeyRing implements KeyRing {
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             X509Certificate cert = (X509Certificate)cf.generateCertificate(fis);
             cert.checkValidity();
-            String cn = CertUtil.getSubjectValue(cert, "CN");
-            if (!keyName.equals(cn))
-                throw new GeneralSecurityException("CN mismatch: " + cn);
+            if (!SystemVersion.isAndroid()) {
+                // getSubjectValue() unsupported on Android.
+                // Any cert problems will be caught in non-Android testing.
+                String cn = CertUtil.getSubjectValue(cert, "CN");
+                if (!keyName.equals(cn))
+                    throw new GeneralSecurityException("CN mismatch: " + cn);
+            }
             return cert.getPublicKey();
         } finally {
             try { if (fis != null) fis.close(); } catch (IOException foo) {}
         }
     }
 
+    /**
+     *  Unimplemented, unused.
+     */
     public void setKey(String keyName, String scope, PublicKey key) {}
 }