Ever wondered what certificates a certain service, for example web or incoming/outgoing mail service is using? E.g., the command
openssl s_client -showcerts -connect sync.cpfs.mpg.de:443
shows the certificate chain used by the service running on port number 443 (which normally is assigned to HTTPS) on host sync.cpfs.mpg.de, ready for importing into your Keychain with certtool. (Return to a shell prompt with Control-C in case the service doesn’t close the connection.)
This comes in handy if you have a smartphone like mine displaying only very general error messages in case something with a service certificate is wrong.