Don't get me started on browser certificates. That's a whole week of my life I'll never get back.
The short versiom of it is, your browser trusts CAs to say whether a certificate is valid. But CAs often trust other CAs who may not actually be that trustworthy. Those CAs then trust other CAs who definitely are not as trustworthy... Etc.
So that certificate/padlock picture in your browser may not be as trustworthy as you think. It's an active problem.
The short versiom of it is, your browser trusts CAs to say whether a certificate is valid. But CAs often trust other CAs who may not actually be that trustworthy. Those CAs then trust other CAs who definitely are not as trustworthy... Etc.
So that certificate/padlock picture in your browser may not be as trustworthy as you think. It's an active problem.