We’ve found it helpful to use a task/analysis combination to gather cert info. Powershell and/or Certutil can be run on Windows to extract whatever cert info you need and create a log.
Likewise Keytool can be used on Java-based environment (regardless of OS) to inventory the local identity store and record that to a log.
An analysis can be used to gather relevant bits of information for collection. To refresh the data, simply re-run the script or set it to a recurring action on an interval.
