While reading about certificates, I came across this article. It says:
The point of a CA-signed certificate is to give slightly stronger verification that you are actually using the key that belongs to the server you are trying to connect to.
How exactly does the CA ensure stronger verification?
While trying to find an answer to this, I found this answer. The fifth paragraph mentions:
Once you get the certificate, you want to verify it's the good one. You can see in the certificate that it has been issue by a CA. If you have the CA key you can verify the signature.
What does this mean? Everyone who's trying to access any site with a CA-signed certificate will have this universal CA key? If yes, isn't that insecure in any way? If no, then how do you verify that it isn't a "forged" certificate from the CA?
(I'd appreciate an in-depth explanation of how CA-signed certificates actually work.)
