OpenSSL

the recognized way to download host's certificate

openssl s_client -showcerts -connect address:port 2>&1 |
sed -ne '/-BEGIN CERFIFICATE-/,/-END CERTIFICATE-/p' > filename.pem