Quick way to extract the main cert, and the intermediate CA and ROOT ca from a host.
shell
echo "" | openssl s_client -showcerts -prexit -connect HOSTNAME:443 2> /dev/null | sed -n -e '/BEGIN CERTIFICATE/,/END CERTIFICATE/ p'
One sees a PEM as output (just capture into a file one can use)
