--- old/src/java.base/share/classes/sun/security/x509/X509CertImpl.java 2018-07-10 13:46:12.350516592 +0100
+++ new/src/java.base/share/classes/sun/security/x509/X509CertImpl.java 2018-07-10 13:46:11.746516592 +0100
@@ -42,7 +42,8 @@
 import javax.security.auth.x500.X500Principal;
-import java.util.Base64;
+import jdk.internal.event.EventHelper;
+import jdk.internal.event.X509CertEvent;
 import sun.security.util.*;
 import sun.security.provider.X509Factory;
@@ -154,6 +155,9 @@
 // AuthorityInformationAccess cache
 private Set authInfoAccess;
+ // Event recording cache list
+ private List recordedCerts;
+
 /**
 * PublicKey that has previously been used to verify
 * the signature of this certificate. Null if the certificate has not
@@ -1861,6 +1865,11 @@
 if (! algId.equals(infoSigAlg))
 throw new CertificateException("Signature algorithm mismatch");
 readOnly = true;
+
+ X509CertEvent xce = new X509CertEvent();
+ if (xce.isEnabled() || EventHelper.isLoggingSecurity()) {
+ commitEvent(xce);
+ }
 }
 /**
@@ -2017,4 +2026,25 @@
 buf.append(hexChars[high])
 .append(hexChars[low]);
 }
+
+ private void commitEvent(X509CertEvent xce) {
+ if(recordedCerts == null) {
+ recordedCerts = new ArrayList<>();
+ }
+ String serNum = getSerialNumber().toString(16);
+ if (!recordedCerts.contains(serNum)) {
+ recordedCerts.add(serNum);
+ try {
+ PublicKey pKey = info.pubKey.get(CertificateX509Key.KEY);
+ EventHelper.commitX509CertEvent(xce,
+ info.algId.get(CertificateAlgorithmId.ALGORITHM).getName(),
+ serNum, info.subject.getName(), info.issuer.getName(),
+ pKey.getAlgorithm(), KeyUtil.getKeySize(pKey),
+ info.interval.get(CertificateValidity.NOT_BEFORE).getTime(),
+ info.interval.get(CertificateValidity.NOT_AFTER).getTime());
+ } catch (IOException e) {
+ // ignore for recording purposes
+ }
+ }
+ }
 }
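Review bot: The `recordedCerts` list added in the second hunk is an instance field, so it cannot suppress duplicate events across certificate objects. In the visible hunks `commitEvent` (last hunk) is reached only from the single call added after `readOnly = true`, so the list would hold at most one serial number and `contains` would never match. If the goal is to avoid re-recording the same certificate each time it is parsed, the cache has to live outside the instance, bounded in size and safe for concurrent use; otherwise the field and the `contains` check can be dropped and the event committed directly. Whether the enclosing method can run more than once per instance is not visible in this diff, so confirm that before removing it.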
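Review bot: The event in the third hunk is committed right after `readOnly = true`, before anything in the visible code verifies the signature or validates a chain, so a record means only that the certificate was decoded, not that it was trusted. State that at the call site, e.g. `// Records that the certificate was parsed; it has not been verified or validated at this point`. The subject, issuer and serial values are read straight from the parsed certificate, so consumers of the security log should treat them as untrusted input. The enclosing method starts outside the hunk.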
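Review bot: `commitEvent` in the last hunk keys its duplicate check on the serial number alone, but a serial number is unique only per issuer, so two different certificates can share a key. With the per-instance list this is harmless, but if the cache is ever made shared, a certificate whose serial collides with one already recorded would be left out of the audit trail. Key on issuer plus serial, e.g. `String key = info.issuer.getName() + "|" + serNum;` (computed inside the `try` if that getter can throw, which the hunk does not show), or on a digest of the encoded certificate. The `catch (IOException e)` block also drops the event without a trace, and its comment should say so, e.g. `// best effort: the event is dropped if a certificate field cannot be read`.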