This
Code:
openssl s_client -connect your.server.com:443
will show you the whole certificate chain up to the CA root. Usually, you would then search for them and acquire them by conventional methods like downloading from the server. If that is not feasible then you can use
openssl again:
Code:
echo -e '\032' | openssl s_client -connect your.server.com:443\
> -showcerts | sed '1,/^-----END/d; /^---$/,$d; /^ /d' > ca-certs-bundle.crt
And if you want to have them separately then
Code:
csplit -zf'ca-cert' -b'%d.pem'\
ca-certs-bundle.crt '/^-----END/+1' '{*}'