This post is older than a year. Consider some information might not be accurate anymore.
openssl has a handy way to extract and save certificates for further usage. Comes in handy, if you have to setup e.g. key-stores in Java. This post demonstrates how to export binary and ASCII encoded certificates.
Binary encoded certificate
The DER extension is used for binary DER encoded certificates data.
Export it
openssl s_client -showcerts -connect cinhtau.net:443 < /dev/null | openssl x509 -outform DER > cinhtau.der
View it (output shortened)
tan@pavilion:~$ hexdump -C cinhtau.der
00000000 30 82 05 0f 30 82 03 f7 a0 03 02 01 02 02 12 01 |0...0...........|
..
00000510 8a ed 5b |..[|
00000513
ASCII encoded data
The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored.
openssl s_client -showcerts -connect cinhtau.net:443 < /dev/null | openssl x509 -outform PERM > derp.perm
View certificate (output shortened)
tan@pavilion:~$ cat cinhtau.perm
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAaIBPGf27jqM0aPwVl+1rpuhMA0GCSqGSIb3DQEBCwUA
..
hs9JyqagwgHMhnA9wj6xwlZZOAaL2x1I64sbXVYcOvcC1XAM422GpEb37KYoEI6V
iu1b
-----END CERTIFICATE-----