First, load the certificate chain from the server:
openssl s_client -showcerts -connect www.example.org:443 </dev/null
This will output the whole server certificate chain.
Every chertificate ist wrapped between —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–.
The first certificate is the server certificate.
So you only need to copy the output from the first —–BEGIN CERTIFICATE—– to the first —–END CERTIFICATE—– to a file.
This certificate is in the PEM (text) format.
To convert it to the binary DER format see Convert a Certificate.