Your question is interesting and helpful!
My initial response cost me a few points but oh well. I'm learning valuable knowledge too.
You can update the installed certificates Authority (CA) certs as follows
sudo update-ca-certificates
You can verify if you are resolving to the right address by typing:
dig (or nslookup or ping) google.com
whois the.address.dig.returns
A site with a bogus cert spoofing google will not have an IP address that is in google.com's assigned netblock.
If you can ping a DNS entry that resolves to a google-assigned IP your browser should be able to view pages at the same address.
To eliminate the browser as an issue, you can always try
lynx https://google.com
If this fails, you'll know it's an ssl issue if the following works
lynx http://google.com
You may have to install lynx with
sudo apt-get install lynx
You can look at a servers current ssl certificates with the command
openssl s_client -showcerts -servername google.com -connect google.com:443 |tee google.crt
QUIT
You can view the certificate details with this command
openssl x509 -inform PEM -in google.crt -text -out certdata
For test purposes I wrote the cert file to my home directory.
If the above openssl s_client command doesn't work, you can at least check to see if the web site is blocking your access to it. You won't be able to do anything but if you get a "Connected to google.com" response for the following command you'll know that packet blocking is not in play.
telnet google.com 443
On the browser side (using Firefox in my example)
edit-> preferences-> certificates-> view certificates-> servers-> add exception
In the Location window type
https://google.com
and press Get Certificate
Should return with a Valid certificate message.
Press View to look at the certificate
