diff --git a/src/share/classes/sun/security/util/HostnameChecker.java b/src/share/classes/sun/security/util/HostnameChecker.java
index 89712ddd9990fa17211fc5393f6aa1569fab2fe3..230b67d3b540e585d53c1be0a48c93ee238854fd 100644
--- a/src/share/classes/sun/security/util/HostnameChecker.java
+++ b/src/share/classes/sun/security/util/HostnameChecker.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@ import java.util.*;
 
 import java.security.Principal;
 import java.security.cert.*;
+import java.text.Normalizer;
 
 import javax.security.auth.x500.X500Principal;
 import javax.net.ssl.SNIHostName;
@@ -220,7 +221,12 @@ public class HostnameChecker {
                                                     (X500Name.commonName_oid);
         if (derValue != null) {
             try {
-                if (isMatched(expectedName, derValue.getAsString())) {
+                String cname = derValue.getAsString();
+                if (!Normalizer.isNormalized(cname, Normalizer.Form.NFKC)) {
+                    throw new CertificateException("Not a formal name "
+                            + cname);
+                }
+                if (isMatched(expectedName, cname)) {
                     return;
                 }
             } catch (IOException e) {