I recently discovered the openssl command-line tool, and it seems to be a veritable Swiss Army knife of useful stuff for working with SSL. I use the s_client subcommand all the time to verify the SSL certificate details for a given target server as follows:
>openssl s_client -connect <host>:<port>
The output includes the raw server certificate itself (the public certificate only, never the private key), the CA chain, and the subject name(s) as well. There are many cases where a system might have multiple certs installed but you’re not sure which cert a given system/service is presenting. The openssl command makes things much clearer.
It’s also nice that the s_client subcommand (and possibly everything this tool does?) is completely protocol/service agnostic, so you can see the cert details for any arbitrary SSL-enabled service (https, ldaps…). Apparently you can run a simple SSL server by specifying a cert file as well. Cool!
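An added example, not from the original post: a shell script for the "which cert is this service presenting" question, comparing the SHA-256 fingerprint of the certificate seen through s_client with candidate certificate files on disk. It goes slightly beyond the post by also using openssl x509 and s_server for an offline demo; the function names, port 14433 and the example.test names are assumptions made for the demo.

```shell
# Added example. Port 14433, the CNs and the helper names are constructed.

# SHA-256 fingerprint of the leaf certificate a TLS service presents.
# </dev/null makes s_client exit right after the handshake.
served_fingerprint() {   # usage: served_fingerprint HOST PORT [SNI-NAME]
    openssl s_client -connect "$1:$2" -servername "${3:-$1}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# SHA-256 fingerprint of a PEM certificate file on disk.
file_fingerprint() {     # usage: file_fingerprint CERT.pem
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Print the candidate file whose fingerprint matches the served certificate.
which_cert() {           # usage: which_cert HOST PORT SNI-NAME CERT.pem...
    served=$(served_fingerprint "$1" "$2" "$3") || return 1
    [ -n "$served" ] || return 1
    shift 3
    for f in "$@"; do
        [ "$(file_fingerprint "$f")" = "$served" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Offline demo: two throwaway self-signed certs, one of them served locally.
demo_local() {
    dir=$(mktemp -d) || return 1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.example.test" \
            -keyout "$dir/$n.key" -out "$dir/$n.pem" 2>/dev/null || return 1
    done
    # -www answers each connection itself, so the server never reads stdin.
    openssl s_server -accept 14433 -www \
        -cert "$dir/b.pem" -key "$dir/b.key" >/dev/null 2>&1 &
    pid=$!
    match=""
    for try in 1 2 3 4 5; do        # retry while the listener comes up
        match=$(which_cert 127.0.0.1 14433 b.example.test \
            "$dir/a.pem" "$dir/b.pem") && break
        sleep 1
    done
    kill "$pid" 2>/dev/null || true
    rm -rf "$dir"
    basename "${match:-none}"       # name of the matching file, or "none"
}
```

Against a real service, call which_cert with the host, port, SNI name and the certificate files you suspect; it prints the one being served.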