If you mean saving the public SSL key exchanged in the traffic, you can do it with the following command in the rcon console:
ssldecr certs 10.1.1.1 "/var/tmp"
The output should be similar to:
>$ Wrote 1129 bytes to /var/tmp/cert_10.1.1.1:443_1.der.
1 certificates dumped.
10.1.1.1 is of course an example of an SSL server IP.
What I am wanting to do is to have a record of all SSL certs used in all SSL session traffic, which I can later drill back into. As such I need to keep not only each particular cert, but also the date and time I saw it, the src and destination IP, ports, etc. I have seen how to do this on other APM tools but am just yet to see how it would be done in this particular application.
I am assuming there will be some kind of DMI report I can run that could recover this information for me?
That information is not kept as part of the data we process/store. It's only available on the AMD while it is running (i.e. it's lost over restarts). (so there'll be no DMI for this)
If you're handy with shell scripts, you could write something up to regularly dump the contents of
rcmd show ssldecr certs
to files, then process those.
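The periodic dump suggested above, sketched as an added example (not part of the original post and not vendor code). It assumes `rcmd show ssldecr certs` prints the current certificate list on stdout and treats that output as opaque text; `CERT_CMD`, `snapshot_certs` and the archive layout are hypothetical names.

```shell
#!/bin/sh
# Added example. Keeps timestamped snapshots of the certificate list so the
# "when did I see it" record survives AMD restarts.
# Assumption: the command below writes the list to stdout.
CERT_CMD="${CERT_CMD:-rcmd show ssldecr certs}"

# snapshot_certs DIR
# Writes DIR/certs_<UTC time>_<hash prefix>.txt only when the output differs
# from the last stored snapshot, and appends "time hash path" to DIR/index.log.
# Prints the new snapshot path, or nothing when the list is unchanged.
snapshot_certs() {
    dir="$1"
    umask 077                      # certificate inventory: owner-only files
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/.certs.XXXXXX") || return 1
    if ! $CERT_CMD > "$tmp" 2>/dev/null; then
        rm -f "$tmp"               # command failed: keep no partial snapshot
        return 1
    fi
    new_hash=$(sha256sum "$tmp" | cut -d' ' -f1)
    last_hash=""
    if [ -f "$dir/last.sha256" ]; then
        last_hash=$(cat "$dir/last.sha256")
    fi
    if [ "$new_hash" = "$last_hash" ]; then
        rm -f "$tmp"               # unchanged since last run
        return 0
    fi
    ts=$(date -u +%Y%m%dT%H%M%SZ)
    out="$dir/certs_${ts}_$(printf %.8s "$new_hash").txt"
    mv "$tmp" "$out"
    printf '%s\n' "$new_hash" > "$dir/last.sha256"
    printf '%s %s %s\n' "$ts" "$new_hash" "$out" >> "$dir/index.log"
    printf '%s\n' "$out"
}
```

Calling `snapshot_certs` on a short interval from cron leaves one file per change of the list, and `index.log` gives the first-seen time to correlate with client/server IPs from other reports.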
So how about making a DMI report with SSL handshakes > 0 and Client/Server IPs and Time dimensions?
This should give you an overview of which client-server pairs established SSL sessions and when, which should cover exchanging certs ...
Adam, Chris, thanks for your input. I will take this back and see what we can work out. Not familiar with rcmd at this point, so will need to do some digging on that front. If I can tie that together with what Adam suggests then perhaps I will get closer to what I need...