When troubleshooting, you may need to provide Support or Development with SSL encrypted traffic. However, providing the private key could pose a security risk.
A simple workaround is to export an SSL session key. With such a key, the user can decrypt only one trace and cannot decrypt other traffic from the same SSL server.
For Classic AMD, in the rcon console, execute the following:
rcon tcpdump 0 "/var/tmp/encrypted_traffic.pcap" "host X.X.X.X and tcp port YYY" tcpdump status tcpdump stop
where X.X.X.X and YY are the IP addresses and ports of the software services containing SSL traffic.
You should get the decrypted traffic for this particular SSL session.