Download CA cert
openssl s_client -showcerts -connect $1 </dev/null 2>/dev/null|openssl x509 -outform PEM > $2
Make SSL SHA256 pin from PEM
cat $1 | openssl x509 -inform pem -noout -outform pem -pubkey | openssl pkey -pubin -inform pem -outform der | openssl dgst -sha256 -binary | openssl enc -base64
Retrieve a certificate's SHA1 hash from macOS Keychain Access via Terminal
security find-certificate -Z