diff --git a/browserid/lib/ca.js b/browserid/lib/ca.js
index b609a72ece079cdaca1164239e2c08c0a447a7ff..0d50b95542c8c9634b2b9bb9f4e64abdda4d6948 100644
--- a/browserid/lib/ca.js
+++ b/browserid/lib/ca.js
@@ -77,6 +77,7 @@ function loadPublicKey(name, dir) {
 
 var SECRET_KEY = loadSecretKey('root', configuration.get('var_path'));
 var PUBLIC_KEY = loadPublicKey('root', configuration.get('var_path'));
+var HOSTNAME = configuration.get('hostname');
 
 function parsePublicKey(serializedPK) {
   return jwk.PublicKey.deserialize(serializedPK);
@@ -89,14 +90,14 @@ function parseCert(serializedCert) {
 }
 
 function certify(email, publicKey, expiration) {
-  return new jwcert.JWCert("browserid.org", new Date(), publicKey, {email: email}).sign(SECRET_KEY);
+  return new jwcert.JWCert(HOSTNAME, new Date(), publicKey, {email: email}).sign(SECRET_KEY);
 }
 
 function verifyChain(certChain, cb) {
   // raw certs
   return jwcert.JWCert.verifyChain(certChain, function(issuer, next) {
     // for now we only do browserid.org issued keys
-    if (issuer != "browserid.org")
+    if (issuer != HOSTNAME)
       return next(null);
 
     next(PUBLIC_KEY);
diff --git a/verifier/lib/certassertion.js b/verifier/lib/certassertion.js
index b2ed480d6c14aa7fc46f9842d9a710e3374592ce..2925b5ac699296f2ea09b03e4d6efceb81d8ae70 100644
--- a/verifier/lib/certassertion.js
+++ b/verifier/lib/certassertion.js
@@ -45,6 +45,7 @@ jwk = require("../../lib/jwcrypto/jwk"),
 jwt = require("../../lib/jwcrypto/jwt"),
 jwcert = require("../../lib/jwcrypto/jwcert"),
 vep = require("../../lib/jwcrypto/vep"),
+configuration = require('../../libs/configuration'),
 logger = require("../../libs/logging.js").logger;
 
 // configuration information to check the issuer
@@ -134,7 +135,7 @@ function verify(assertion, audience, successCB, errorCB, pkRetriever) {
   
   jwcert.JWCert.verifyChain(bundle.certificates, function(issuer, next) {
     // for now, only support the browserid.org issuer
-    if (issuer != "browserid.org") {
+    if (issuer != configuration.get('hostname')) {
       // allow other retrievers for now for testing
       //
       // retrieve the public key for the issuer and
@@ -148,7 +149,9 @@ function verify(assertion, audience, successCB, errorCB, pkRetriever) {
     }
 
     // retrieve the public key for real
-    retrieveHostPublicKey(issuer, next);
+    retrieveHostPublicKey(issuer, next, function(err) {
+      next(null);
+    });
   }, function(pk, principal) {
     var tok = new jwt.JWT();
     tok.parse(bundle.assertion);
@@ -162,7 +165,7 @@ function verify(assertion, audience, successCB, errorCB, pkRetriever) {
     } else {
       errorCB();
     }
-  });
+  }, errorCB);
 }