Show certificates:
openssl s_client -connect $address:$port -showcerts </dev/null
> All certificates after the first one can be concatenated to create a CA chain file.
Verify CA file (or chain):
openssl s_client -connect $address:$port -verifyCAfile chain.pem </dev/null
Display a certificate:
openssl x509 -in cert.pem -noout -text
Convert a certificate from binary (DER) to text (PEM) format:
openssl x509 -in cert.der -outform pem -out cert.pem