https://www.wireshark.org/lists/wireshark-users/201003/msg00080.html
1) type "ssl.handshake.certificate" in the filter. 2) make sure the setting "Allow subdissector to reassemble TCP streams" is on in the TCP protocol preferences 3) Then go to the packet which contains the SSL handshake message "Certificate" 4) In the packet detail pane, expand the SSL protocol 5) Expand the "Certificate" TLS record 6) Expand the "certificate" handshake protocol 7) Expand the list of certificates. There is now a list of certificate length and certificates (the list could be only 1 certificate). The first certificate is the server certificate, the second it's signing CA, the third the CA that signed the CA, etc. 8) Now rightclick on the certificate that you want to export 9) Choose "Export selected packet bytes..." 10) Choose a filename and click on save You now have a file containing the certificate in DER format. You can use openssl to process the certificate as needed.