Pull certificates for a domain
openssl s_client -showcerts -connect abond.dev:443
Add the following flag to run SNI negotiation.
-servername abond.dev
Validate certificate with CA bundle
openssl verify -verbose -CAfile <(cat myca.ca-bundle) mycert.crt