diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro
index fbdd6e454e..ae0957e00f 100644
--- a/scripts/base/protocols/ssl/files.bro
+++ b/scripts/base/protocols/ssl/files.bro
@@ -121,13 +121,13 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 event ssl_established(c: connection) &priority=6
 {
 # update subject and issuer information
- if ( c$ssl?$cert_chain && |c$ssl$cert_chain| > 0 )
+ if ( c$ssl?$cert_chain && |c$ssl$cert_chain| > 0 && c$ssl$cert_chain[0]?$x509 )
 {
 c$ssl$subject = c$ssl$cert_chain[0]$x509$certificate$subject;
 c$ssl$issuer = c$ssl$cert_chain[0]$x509$certificate$issuer;
 }
- if ( c$ssl?$client_cert_chain && |c$ssl$client_cert_chain| > 0 )
+ if ( c$ssl?$client_cert_chain && |c$ssl$client_cert_chain| > 0 && c$ssl$cert_chain[0]?$x509 )
 {
 c$ssl$client_subject = c$ssl$client_cert_chain[0]$x509$certificate$subject;
 c$ssl$client_issuer = c$ssl$client_cert_chain[0]$x509$certificate$issuer;
diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro
index 739b11e767..a3b91953de 100644
--- a/scripts/policy/protocols/ssl/known-certs.bro
+++ b/scripts/policy/protocols/ssl/known-certs.bro
@@ -48,7 +48,7 @@ event bro_init() &priority=5
 event ssl_established(c: connection) &priority=3
 {
- if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| < 1 )
+ if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| < 1 || ! c$ssl$cert_chain[0]?$x509 )
 return;
 local fuid = c$ssl$cert_chain_fuids[0];
diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro
index 205bf6808e..b06266e089 100644
--- a/scripts/policy/protocols/ssl/validate-certs.bro
+++ b/scripts/policy/protocols/ssl/validate-certs.bro
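Review bot: The second added guard in files.bro tests the wrong vector: the client branch is gated on `c$ssl$cert_chain[0]?$x509`, while its body reads `c$ssl$client_cert_chain[0]$x509`. A client chain whose first entry has no `$x509` therefore still reaches the dereference this commit is trying to protect. When the server chain is empty or unset, the guard itself indexes `c$ssl$cert_chain[0]`, which looks like it would raise a script runtime error instead of skipping the block. The condition should read `if ( c$ssl?$client_cert_chain && |c$ssl$client_cert_chain| > 0 && c$ssl$client_cert_chain[0]?$x509 )`.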
@@ -28,7 +28,7 @@ export {
 event ssl_established(c: connection) &priority=3
 {
 # If there aren't any certs we can't very well do certificate validation.
- if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 )
+ if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 || !c$ssl$cert_chain[0]?$x509 )
 return;
 local chain_id = join_string_vec(c$ssl$cert_chain_fuids, ".");
diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index b02ce5eea2..aaca64585a 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -86,8 +86,10 @@ STACK_OF(X509)* x509_get_untrusted_stack(VectorVal* certs_vec)
 {
 Val *sv = certs_vec->Lookup(i);
- // Fixme: check type
+ if ( !sv )
+ continue;
+ // Fixme: check type
 X509* x = ((file_analysis::X509Val*) sv)->GetCertificate();
 if ( ! x )
 {
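Review bot: The added guard in validate-certs.bro covers only `c$ssl$cert_chain[0]`, so a later chain entry without `$x509` is still unchecked. The handler body continues outside this hunk; if it dereferences `$x509` on every element while assembling the chain to validate, each element needs the same `?$x509` test, returning or skipping at the first one that lacks it. As a style point, `!c$ssl$cert_chain[0]?$x509` drops the space after `!` that the rest of the condition uses; `! c$ssl$cert_chain[0]?$x509` would match.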