haw can i export the certificate into form der from pcap file with command line tshark and not manually ??

edit

Using tshark you can get a hexdump for every certificate in a pcap using this command:

tshark -n -Tfields -e tls.handshake.certificate -Y tls.handshake.certificate -r $pcapfile

A TLS certificate message may contain multiple certificates. To split them up, one per line, pipe the output of tshark through the command tr , '\n'.
And to deduplicate the certificates found pipe the output through sort -u command.

Next step is to convert the hexdump into a useful format. For example by converting into DER format by piping the output to this Perl script:

#!/bin/perl
use strict;
my $count = 0;
while (<>) {
    open(FH, '>', sprintf("cert%03d.cer", ++$count)) or die $!;
    print FH (pack "H*", $_);
    close(FH);
}
print "Converted $count certs\n";