
I have read several articles about SSL certificates on the internet; however, I still could not figure out how they can avoid the man-in-the-middle attack: https://en.wikipedia.org/wiki/Man-in-the-middle_attack.

What I understand about SSL certificates in general is that it's using the Public/Private key pair to encrypt and decrypt the message. People say that everyone knows the Public key and can use this Public key to encrypt the message. And, thus, the 'man-in-the-middle' knows this Public key too, so he could intercept the message from the client, then change the message and encrypt it again with the Public key before sending it to the server. Is that correct?

kal

1 Answer


What I understand about SSL certificates in general is that it's using the Public/Private key pair to encrypt and decrypt the message.

No, the certificate is not used for message encryption. Encryption is done with a separate key, agreed on during the Key Exchange phase of the TLS handshake. The obsolete RSA key exchange method involves encryption using the certificate during key exchange, but modern key exchange methods don't do this.

The certificate is used to authenticate the server instead, i.e. make sure that the client is actually talking to the correct server and not to some man in the middle. This authentication is essential to protect the key exchange and thus the encryption built on this key exchange.

The server basically proves possession of the private key matching the public key by signing some data, and the client can verify this signature with the public key contained in the certificate. These data are at least partially specified by the client, i.e. the server cannot simply sign anything it wants as proof. Certificate validation involves more than that though - see SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate?.

Steffen Ullrich
  • And how the server verifies that the message is sent from client A and not the `man-in-the-middle` ? – kal Sep 21 '21 at 09:57
  • @kal: The client is interested to establish a secure connection to the server, so the client cares about MITM in between. If the client will already abandon the connection if a MITM is detected, then the server does not need to detect this too. – Steffen Ullrich Sep 21 '21 at 10:13
  • @kal The server sends a `CertificateVerify` message that is signed by its private key and validated by the client using the public key in the certificate. Only the possessor of both the certificate and the private key can do that. MITM cannot. – user207421 Sep 21 '21 at 10:49
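The proof-of-possession check described in the answer and the last comment, as an added Go example that is not part of the original post or of any TLS library: the server signs transcript data that includes the client's own random with the private key behind its certificate, and the client accepts only a signature that verifies under the certificate's public key. It assumes Ed25519 signatures, a simplified transcript hash over just the two hello randoms, that the client has already validated the certificate chain, and Go 1.24+ (where `crypto/rand.Read` cannot fail).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// transcriptHash stands in for the transcript hash CertificateVerify signs;
// the client's random is part of it, so the server cannot pick the data alone.
func transcriptHash(clientRandom, serverRandom []byte) []byte {
	h := sha256.New()
	h.Write(clientRandom)
	h.Write(serverRandom)
	return h.Sum(nil)
}

// Scenario reports whether the client accepts (1) the genuine server's
// CertificateVerify, (2) a MITM's signature made with its own key while relaying
// the real certificate, (3) the genuine signature replayed into a later handshake.
func Scenario() (genuineOK, mitmOK, replayOK bool, err error) {
	// Key pair behind the real certificate; `trusted` is the public key the client
	// extracted from the certificate after validating it (validation out of scope).
	trusted, serverKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, mitmKey, err := ed25519.GenerateKey(rand.Reader) // attacker's own key pair
	if err != nil {
		return
	}
	clientRandom, serverRandom := make([]byte, 32), make([]byte, 32)
	rand.Read(clientRandom) // crypto/rand.Read cannot fail on Go 1.24+
	rand.Read(serverRandom)
	transcript := transcriptHash(clientRandom, serverRandom)
	// Server side: CertificateVerify is a signature over the transcript;
	// client side: verify it with the public key taken from the certificate.
	sig := ed25519.Sign(serverKey, transcript)
	genuineOK = ed25519.Verify(trusted, transcript, sig)
	// A MITM can relay the certificate but, signing with its own key, fails here.
	mitmOK = ed25519.Verify(trusted, transcript, ed25519.Sign(mitmKey, transcript))
	// Replaying the real signature fails once the client picks a fresh random.
	rand.Read(clientRandom)
	replayOK = ed25519.Verify(trusted, transcriptHash(clientRandom, serverRandom), sig)
	return // expected: true false false <nil>
}

func main() {
	fmt.Println(Scenario())
}
```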