describes how you can extract the CA cert from a site using the openssl tool

     (Thanks to Frankie V for this description)

    If you use the 'openssl' tool, this is one way to get extract the CA cert

    for a particular server:

     o openssl s_client -connect xxxxx.com:443 |tee logfile

     o type "QUIT", followed by the "ENTER" key

     o The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE"

       markers.

     o If you want to see the data in the certificate, you can do: "openssl

       x509 -inform PEM -in certfile -text -out certdata" where certfile is

       the cert you extracted from logfile. Look in certdata.

     o If you want to trust the certificate, you can append it to your

       cert_bundle or use it stand-alone as described. Just remember that the

       security is no better than the way you obtained the certificate.

     (Thanks to Doug Kaufman for this description)

 4. If you're using the curl command line tool, you can specify your own CA

    cert path by setting the environment variable CURL_CA_BUNDLE to the path

    of your choice.