SSLCERTS: improve the openssl command line

... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.

diff --git a/docs/SSLCERTS.md b/docs/SSLCERTS.md
index 3fcd345b006a1bcbcad2273bc543dba4d8a4f4e8..2c5be68e6ae4c2c2dc283cca20b0728365ddbba0 100644 (file)
--- a/docs/SSLCERTS.md
+++ b/docs/SSLCERTS.md
@@ -92,8 +92,8 @@ server, do one of the following:
     If you use the 'openssl' tool, this is one way to get extract the CA cert
     for a particular server:
 
-     - `openssl s_client -connect xxxxx.com:443 |tee logfile`
-     - type "QUIT", followed by the "ENTER" key
+     - `openssl s_client -showcerts -servername server -connect server:443 > cacert.pem`
+     - type "quit", followed by the "ENTER" key
      - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE"
        markers.
      - If you want to see the data in the certificate, you can do: "openssl