deal with server-certificates

dealing with server-certificates gives me headache and/or scares the hell out of me. Its unbelievable complicated with expiration, certicate-chain, verification, self-signed and PEM and x509 and whatever. This page cannot give an tutorial or explanation of all the complicated stuff going on, but is merely a list of tools I use to deal with the stuff.

If you want to get the certificate a certain server uses in pem-format:
echo|openssl s_client -connect server:443 |openssl x509 -out server.pem

and to get more info out now
openssl x509 -in server.pem -noout -text