MITM Attack on Gmail’s SSL in 2011

I have read these posts:

As far as I know, a certificate should be installed on a server.

So I don’t quite understand how issuing a fraudulent certificate for * (the spelling of the common name is correct – it is not phishing) could trigger these browser warnings without installing it on a server.

I understand that a private key is in their hands but how did they manage to throw this certificate from the official Google website to users?

Did they install it on a Gmail server?

Could you explain, please?

Screenshot of certificate error in Chrome