What happens after a website certificate is sent to the browser?

The client receives a webserver certificate, that contains a public key "ABC" and identification "DAVID" of the website owner.

Then i am not sure what happens. The browser has to somehow verify, that the certificate is from the user "DAVID". So what happens next? I would surmize, that the browser holds some CA certificates as well.

The browser looks up, whether it can find the public key "ABC" website certificate. If it matches, then the public key can be used to verify, that the website certificate is valid.

Is this correct?


The client receives a webserver certificate, that contains a public key "ABC" and identification "DAVID" of the website owner.

The browser has to somehow verify, that the certificate is from the user "DAVID". So what happens next?

TLS certificates aren't used to identify website owners – they identify the websites themselves. The certificate used by superuser.com says "this is superuser.com" and the browser compares it to the URL that you entered.

Although they do often include organization information, that's not actually used by browsers for verification – it's only there to be shown to the user. Many websites use "domain-validated" certificates which include no organization details at all.