Browser — Checks the SSL certs.

There are several checks that the browser performs to verify the SSL certificate:

Expiration date: The browser checks that the certificate has not expired. If the certificate has expired, the browser will display an error message and will not establish a secure connection to the website.

CA signature: The browser checks that the certificate has been signed by a trusted CA. If the certificate has not been signed by a trusted CA, the browser will display an error message and will not establish a secure connection to the website.

Hostname match: The browser checks that the certificate is issued for the correct hostname. If the certificate is issued for a different hostname, the browser will display an error message and will not establish a secure connection to the website.

Chain of trust: The browser checks that the certificate can be traced back to a trusted root certificate. If the certificate cannot be traced back to a trusted root, the browser will display an error message and will not establish a secure connection to the website.

By performing these checks, the browser can ensure that the SSL certificate is valid and that the website is legitimate. This helps to protect users from man-in-the-middle attacks, where an attacker intercepts the communication between the browser and the website and presents a fake SSL certificate in order to gain access to sensitive information.