# System is using my local self-signed certs in many external

## fincoop

Here's a weird one.

I tried to use WGET to fetch configuration files from the VPN provider and I saw another certificate error. This time, WGET reported that the server certificate was signed by my local CA, and that the hostname didn't match. It was comparing the common name of the server (correct) to the common name of a wildcard cert that my local CA had signed recently.

Any ideas why the system is using these certs? Does that get configured somewhere??

```
>>> wget https://<vpnprovider>/openvpn/openvpn.zip

--2015-08-21 14:04:09--  https://<vpnprovider>/openvpn/openvpn.zip

Resolving <vpnprovider>... <ipaddress>

Connecting to <vpnprovider>|<ipaddresss>|:443... connected.

ERROR: cannot verify <vpnprovider>'s certificate, issued by '<myRootCA>':

  Self-signed certificate encountered.

    ERROR: certificate common name '<myWildcardCert> doesn't match requested host name '<vpnprovider>'.

To connect to <vpnprovider> insecurely, use `--no-check-certificate'.
```

----------

## Ant P.

You can try using `gnutls-cli` to see what the other end of the connection is actually sending.

----------

