URL=www.google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;echo; done; IFS=$OLDIFS

El resultado es este, certificado, SUBCA y CA

subject=CN = www.google.com
issuer=C = US, O = Google Trust Services, CN = WR2
notBefore=Aug 12 07:19:41 2024 GMT
notAfter=Nov  4 07:19:40 2024 GMT

subject=C = US, O = Google Trust Services, CN = WR2
issuer=C = US, O = Google Trust Services LLC, CN = GTS Root R1
notBefore=Dec 13 09:00:00 2023 GMT
notAfter=Feb 20 14:00:00 2029 GMT

subject=C = US, O = Google Trust Services LLC, CN = GTS Root R1
issuer=C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
notBefore=Jun 19 00:00:42 2020 GMT
notAfter=Jan 28 00:00:42 2028 GMT

El mismo comando pero guarda el certificado, la subCA y la CA en ficheros que se llaman como el CN del subject de cada certificado, subCA y CA

URL=www.google.com;PORT=443;OLDIFS=$IFS; IFS=':' certificates=$(echo | openssl s_client -showcerts -servername $URL -connect $URL:$PORT 2>/dev/null | sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}'); for certificate in ${certificates#:}; do echo;echo $certificate | openssl x509 -noout -subject -issuer -dates ;fichero=`echo $certificate | openssl x509 -noout -subject|awk -F'CN = ' {'print $NF'}|sed 's/ /_/g'`; echo $certificate > ${fichero}.crt; done; IFS=$OLDIFS

En este caso creo los ficheros:

www.google.com.crt
WR2.crt
GTS_Root_R1.crt

Si probamos con www.elpais.es tiene 4 certificados

subject=CN = elpais.com
issuer=C = US, O = Amazon, CN = Amazon RSA 2048 M03
notBefore=Jul 18 00:00:00 2024 GMT
notAfter=Aug 16 23:59:59 2025 GMT

subject=C = US, O = Amazon, CN = Amazon RSA 2048 M03
issuer=C = US, O = Amazon, CN = Amazon Root CA 1
notBefore=Aug 23 22:26:04 2022 GMT
notAfter=Aug 23 22:26:04 2030 GMT

subject=C = US, O = Amazon, CN = Amazon Root CA 1
issuer=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
notBefore=May 25 12:00:00 2015 GMT
notAfter=Dec 31 01:00:00 2037 GMT

subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
issuer=C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
notBefore=Sep  2 00:00:00 2009 GMT
notAfter=Jun 28 17:39:16 2034 GMT

elpais.com.crt
Amazon_RSA_2048_M03.crt
Amazon_Root_CA_1.crt
Starfield_Services_Root_Certificate_Authority_-_G2.crt

Para importar un certificado en firefox:

https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/198841

Crear o generar Certificado autofirmado Creamos Petición:

openssl req -new -nodes -keyout www.lobo99.com.key -out www.lobo99.com.csr -subj "/C=ES/ST=Catalonia/L=Mataro/O=lobo99/CN=www.lobo99.com"

Firmamos el certificado:

openssl x509 -req -days 3650 -in www.lobo99.com.csr -signkey www.lobo99.com.key -out www.lobo99.com.crt