You don't pull off anything from the linux server. You need to know what "brand" of certificate they have and maybe a few other bits about it, but you don't need that certificate.
Then you go to that provider of certificates and look for root and intermediate CA's. Say for example, the certificate they have is a GEOTRUST RAPIDSSL. You would google that for root/intermediate CA's and you will land with a page like: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548
Then if it is a SHA-1 or 2, you would download the appropriate ones (if in doubt download "all" of them), and then you would go install such onto the ibm i.
To do that install, you get what you downloaded onto the the IFS (easiest way is to create a folder in ifs, share it and then map it at your pc, and drop/drag the file(s) in.
Then you need to go into DCM, to do that you put in your ibm i's ip address colon 2001, like : 192.168.1.10:2001 and you log in, and you click on the middle/right to work with ibm i tasks and then you will see digital certificate manager and you might have to use the http (and previously when you asked for :2001, it might have said it wasn't a trusted site since it is a self signed certificate).
select your certificate store (upper left) and select system and login there, then select manage certificiates and view your certificates and select certificate authorities and you can see what you have installed.
This is pretty much laid out in the reference I made above over at bvstools. Like I said, you aren't really taking anything from the linux server, except to find out the "maker" of the certificate and its "brand name" which might mean like in case of geotrust there is rapidssl, geotrust essential, etc. and if it is sha-1 or sha-2. If you can't find out about the sha-1 or -2, get the root authorities and intermediates for both and put them on.
To import a CA instead of viewing, you do the import and when you name it, put down what it is like GEOTRUST RAPIDSSL SHA-1 INTERMEDIATE. This will help later on if you have to see if you have it or not.
I have put on several CA's and have also put on a certificate for outside use which is similar but different.
Also if you think you have the stuff in place and it doesn't work, simply download geturi and you can try it from the greenscreen to hit it and if you can't, then you have other issues. If you can and you can't with isockets, that too will be helpful for you to know.
The other thing may be what level of SSL they connect with or what they will allow. That is, they may only allow TLS 1.2 or maybe TLS 1.x. And that can come into play.
Like I said, you aren't extracting anything off the linux box, that won't help you, you need to be sure you have the correct CA's root/intermediate. You see today most certificates build on a trust level which happens through an intermediate or two and a root.