retrieve-cert.shはOpenSSL Command-Line HOWTOのものを使っています。

#!/bin/sh
#
# usage: retrieve-cert.sh remote.host.name [port]
#
REMHOST=$1
REMPORT=${2:-443}

echo |\
openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

うまくいかないときはこんな風にエラーがでます。

~/Documents/LanguageStudy/Scala $ openssl verify cert.csr
cert.csr: serialNumber = FPK/WAHVnyVOwwNCTAsAmM83nZSYDORz, C = JP, O = cs2009.org, OU = GT45098297, OU = See www.rapidssl.com/resources/cps (c)10, OU = Domain Control Validated - RapidSSL(R), CN = cs2009.org
error 20 at 0 depth lookup:unable to get local issuer certificate