Generally, web connections are secured with the help of digital certificates, often used in combination with SSL (Secure Socket Layer) / TLS (Transport later Security) protocol. A digital certificate is a small piece of data that describes the identity of a party. This identity is secured with a digital signature signed on the digital certificate. The digital signature on a digital certificate is not an ordinary signature and is derived from a complex arithmetical function dependent on the encryption key. If during the transit of the digital certificate, the value of the key is altered, the certificate will not match & an error message will be generated. In this manner, the data can be secured.
However, the question now arises is that how will you verify that the owner of the digital certificate is a legitimate owner? Let us try to get our answer.
For example, you visit a website, and there you are presented with a digital certificate, say, Mac’s Certificate. Mac’s certificate has been confirmed by Jacob and carries Jacob’s signature on it. Jacob’s certificate has been confirmed by John Doe and carried John Doe’s signature on it. John Doe is the root CA (certificate authority), i.e. he is authorized to issue certificates. When you find John Doe’s signature on the Mac’s certificate, you trust that the certificate presented by the Mac is legitimate, and he is, who he claims to be. The same thing happens in real life, the web browsers have built in trusted certificates issued by the root certificate authority, for example: VeriSign Inc. Whenever, your web browser is presented a certificate that has been digitally signed by VeriSign, it automatically accepts the certificate. However, intruders or assailants can take advantage of this conviction by generating their own signed digital certificate that is identical to the VeriSign digital certificate, for example.