In doing a test regarding the SSLv3 Poodle issue, I ran the following test:

openssl s_client -connect 127.0.0.1:443 -ssl3

and get this:

openssl s_client -connect 127.0.0.1:443 -ssl3

CONNECTED(00000003)

depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain

verify error:num=18:self signed certificate

verify return:1

depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain

verify error:num=10:certificate has expired

notAfter=Oct  2 18:46:52 2010 GMT

verify return:1

depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain

notAfter=Oct  2 18:46:52 2010 GMT

verify return:1

---

Certificate chain

 0 s:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain

   i:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain

This certificate shows while accessing the webserver SSLv3 test somehow.

But, it expired 4 years ago, and isn't anywhere to be found in the Certificate Manager.

Where would this certificate be hiding?

And why would it be used when the certificate manager has created certificates for the webserver?

Thanks in advance for your help.