fetch
Opens an ephemeral TLS connection to host:port, performs OS-level certificate chain validation, and returns the server's leaf certificate as a PEM string.
The returned PEM string can be passed directly to verify.
Return
PEM-encoded leaf certificate string
Parameters
host
Hostname to connect to (e.g. "api.example.com")
port
TCP port — defaults to 443
Throws
if the TLS handshake fails or no leaf certificate is present