When configuring the SSL cert to be used by the PAM appliance for https connections, it is possible to "download" or "delete" the PAM appliance key-pair, CSR or certificate.
However it is not possible to "download" Root CA certificates ("Certificate Bundles") or Intermediate CA certificates ("Certificate Chain") or Certificate Revocation Lists
When troubleshooting SSL issues, it is necessary to know what CA certificates and CRLs have already been imported into PAM. This can not be determined by the name of the cert/CRL only. It is necessary to be able to view the complete contents of the cert/CRL. The easiest way to do this is to allow the cert/CRL to be downloaded so that it can be viewed using standard tools.