diff --git a/scripts/policy/frameworks/intel/seen/x509.bro b/scripts/policy/frameworks/intel/seen/x509.bro
index 9dcbc3edb9..c4f487947e 100644
--- a/scripts/policy/frameworks/intel/seen/x509.bro
+++ b/scripts/policy/frameworks/intel/seen/x509.bro
@@ -25,6 +25,14 @@ event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certifi
 $f=f, $where=X509::IN_CERT]);
 }
+
+ if ( f$info?$sha1 ) # if the file_hash event was raised before the x509 event...
+ {
+ Intel::seen([$indicator=f$info$sha1,
+ $indicator_type=Intel::CERT_HASH,
+ $f=f,
+ $where=X509::IN_CERT]);
+ }
 }
 event file_hash(f: fa_file, kind: string, hash: string)
diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc
index 88aa1b10c8..9f554899fa 100644
--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@@ -375,8 +375,10 @@ void File::DeliverStream(const u_char* data, uint64 len)
 while ( (a = analyzers.NextEntry(c)) )
 {
+ DBG_LOG(DBG_FILE_ANALYSIS, "stream delivery to analyzer %s", file_mgr->GetComponentName(a->Tag()).c_str());
 if ( ! a->GotStreamDelivery() )
 {
+ DBG_LOG(DBG_FILE_ANALYSIS, "skipping stream delivery to analyzer %s", file_mgr->GetComponentName(a->Tag()).c_str());
 int num_bof_chunks_behind = bof_buffer.chunks.size();
 if ( ! bof_was_full )
@@ -465,6 +467,7 @@ void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
 while ( (a = analyzers.NextEntry(c)) )
 {
+ DBG_LOG(DBG_FILE_ANALYSIS, "chunk delivery to analyzer %s", file_mgr->GetComponentName(a->Tag()).c_str());
 if ( ! a->DeliverChunk(data, len, offset) )
 {
 analyzers.QueueRemove(a->Tag(), a->Args());
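Review bot: The new guard `f$info?$sha1` tests only the `sha1` field and dereferences `f$info` unconditionally; if `info` is itself optional on `fa_file` and can still be unset when `x509_certificate` is raised, this line fails at runtime instead of quietly skipping, so the safer form is `if ( f?$info && f$info?$sha1 )`. The early-hash path also keys the `CERT_HASH` indicator on SHA-1 alone, so if the `file_hash` handler below reports other hash kinds for certificates (its body is not in the hunk), a hash that arrived before the x509 event but was not SHA-1 is never reported here — worth a short comment stating that SHA-1 is the only cert-hash indicator form supported on this path, or extending the check to match the handler. The enclosing `x509_certificate` body starts outside the hunk.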
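Review bot: The second added `DBG_LOG` in `File::DeliverStream` says "skipping stream delivery", but it sits inside the `! a->GotStreamDelivery()` branch whose next statement computes `num_bof_chunks_behind` from `bof_buffer.chunks` — that reads like catch-up from the BOF buffer rather than a skip, so the message would mislead anyone reading the debug stream; if the branch does replay buffered chunks, something like `DBG_LOG(DBG_FILE_ANALYSIS, "analyzer %s has not had stream delivery yet, catching up from BOF buffer", file_mgr->GetComponentName(a->Tag()).c_str());` describes it better (the rest of the branch is outside the hunk, so confirm against the code that follows). The same `file_mgr->GetComponentName(a->Tag()).c_str()` argument is repeated in all three new lines, including the `DeliverChunk` hunk; a local `const std::string name = ...` at the top of each loop body would keep the three messages in sync. Both enclosing function bodies continue outside their hunks.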