I’ve read this post where it says:
"…an attacker can still take the whole signed content and present it to you but won’t be able to change any details or the signature won’t match."
- How does the browser validate the details of a certificate and see its content like domain name, etc.?
- If a MITM wants to change anything, he would need to decrypt the cert, which is impossible, or simply change what he wants but then fail at the browser because, as mentioned above, the signature won’t match?