Creating a certificate and using an HTTPS connection is not, by itself, enough for the connection between the server and the client’s web browser to be trustworthy as well as secure.
When a certificate is created, its creator fills in both the website name and the personal or company details entirely freely, and nothing stops them from entering completely arbitrary data, including with malicious intent. The client’s browser must therefore somehow make sure that the certificate contains authentic information. If the browser cannot establish the authenticity of the certificate, it warns the visitor of the potential danger, and newer browsers even refuse to open such a website.
CAs (Certificate Authorities) solve the problem of proving the authenticity of a certificate:
- they check that the information contained in the certificate is correct
- by signing the certificate, they attest with their signature that the information in it is correct and that the certificate was not issued with malicious intent
Every browser (and even different versions of the same browser) ships with a certain set of trusted authorities pre-installed. When an HTTPS site is opened, the browser checks this store to see whether the website’s certificate has been signed by an authority it knows. If the signature is familiar, no warning is shown and the page is trusted by the visitor.
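To make that check concrete, here is an added Go example (not code from the original article): a root authority and a rogue authority each sign a certificate for the same website name, and `browserTrusts` plays the browser’s role, accepting only the certificate whose signer is in the pre-installed store. The names Example Root CA, Rogue CA and www.example.test are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// makeCert issues a certificate for name. With parent == nil it is self-signed (a root
// authority); otherwise the parent's key signs it, which is what a CA does for a website.
func makeCert(name string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign // only an authority may sign other certificates
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{name} // the website name the browser compares with the URL
	}
	signer, signerKey := tmpl, priv // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced, so it parses
	return cert, priv
}

// browserTrusts is the browser's check from the text: store holds the pre-installed
// authorities, and the site certificate is accepted only if one of them signed it for host.
func browserTrusts(site *x509.Certificate, store *x509.CertPool, host string) error {
	_, err := site.Verify(x509.VerifyOptions{Roots: store, DNSName: host})
	return err
}
```

A certificate signed by the rogue authority carries the same website name as the genuine one; the only thing that separates them is whether the signer is in the store, which is exactly the check the text describes.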