Category: sysadmin Generated on 2016-12-23 source: source
$ echo -n | openssl s_client -connect HOST:PORTNUMBER | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > SERVERNAME.cert
-showcerts can be used to download all the certificates in the chain.
echo -n is needed because openssl s_client is interactive.
$ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' removes information about the certificate chain.
This is the preferred format to import the certificate into other keystores.