Transport Layer Security is a technology for keeping an internet connection secure and safeguarding any sensitive information sent between two systems using encryption algorithms. Unhelpfully, you’ll often see TLS referred to as SSL (Secure Sockets Layer), TLS is essentially the evolution of SSL and has nearly completely replaced it.
A TLS certificate achieves two main functions. It verifies the ownership of a website/domain, preventing fake versions from posing as the legitimate site. It also enables encryption to take place by storing the encryption keys required to use TLS. If a site has a valid certificate you’ll see a small lock icon when you access it in your web browser.
Certificate authorities are responsible for issuing these certificates and checking that whoever is applying for a certificate does actually own the domain they claim to.
What could go wrong? The dangers are most easily explained by looking back at a cyber attack from 2011, when a CA known as DigiNotar was hacked. This allowed a solo hacker to issue hundreds of fake certificates for domains like google.com and microsoft.com. These were then applied to fake sites impersonating Google and Microsoft products. When users accessed them they appeared to be secure and controlled by Google or Microsoft.
It’s very important that CA’s use the best security practices and also carefully evaluate every domain they issue a certificate to. Otherwise, they might unknowingly issue a certificate to a fake website.