This question already has an answer here:
- SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate? 3 answers
- SSL certificate chain verification 2 answers
- Understanding the signing and verification process through a CA 1 answer
- Clarifying self-signed certificates vs root certificate authority 4 answers
- Does Self-signed certificate differ from CA from a security point of view? 8 answers
While reading about certificates, I came across this article. It says:
The point of a CA-signed certificate is to give slightly stronger verification that you are actually using the key that belongs to the server you are trying to connect to.
How exactly does the CA ensure stronger verification?
While trying to find an answer to this, I found this answer. The fifth paragraph mentions:
Once you get the certificate, you want to verify it’s the good one. You can see in the certificate that it has been issued by a CA. If you have the CA key you can verify the signature.
What does this mean? Will everyone who’s trying to access any site with a CA-signed certificate have this universal CA key? If yes, isn’t that insecure in any way? If no, then how do you verify that it isn’t a “forged” certificate from the CA?
(I’d appreciate an in-depth explanation of how CA-signed certificates actually work.)
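To make the quoted sentence concrete, here is an added example (my own code, not from the linked article or answer) using Go's standard crypto/x509 package: the CA's private key signs a server certificate, and a client checks that signature using only the CA's public key it holds in its trust store. The CA names and the host example.com are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCA builds a self-signed root; the private key stays with the CA, only the certificate (public key) is distributed.
func newCA(name string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	cert, err := sign(tmpl, tmpl, pub, priv) // self-signed: the template is its own parent
	return cert, priv, err
}
// sign produces a certificate for pub whose signature is made with the parent's private key.
func sign(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, priv ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// issue is what the CA does for a server: sign a certificate binding host to the server's public key.
func issue(host string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, error) {
	srvPub, _, err := ed25519.GenerateKey(rand.Reader) // the server keeps its own private half
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	return sign(tmpl, ca, srvPub, caKey)
}
// verify is the client's side: check srv's signature with the trusted root's public key and that it names host.
func verify(srv, root *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := srv.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
```

A certificate signed by any other key, even one whose subject claims to be the same CA, fails verification unless that other key's certificate is itself in the client's trust store.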