Curl from istio-proxy. Where are the certs?

Hi, I’m on Istio 1.8 and before that I was working with 1.3 some time ago.
I tried to do curl from istio-proxy container in a mtls-enabled cluster to other service, but can’t find the certificates to present anymore. How this thing is done these days?

I double checked my mtls config for the pod I tried to curl from:

DestinationRule: productpage for "productpage"
   Matching subsets: v1
   Traffic Policy TLS Mode: ISTIO_MUTUAL

Not sure about Istio 1.3, but if you are referring to the dynamic certificates generated for the service account corresponding to the istio-proxy container periodically (since you are using ISTIO_MUTUAL), you can obtain them by issuing the following command from outside the cluster
istioctl pc secret pod-name -n namespace
From inside the container, this might be more challenging, since these certificates reside only in memory and are not backed up in the file-system any more.

Thanks mate, this is good enough explanation. That makes a lot of sense.