Basics of public key cryptography

• Encryption : Any message encrypted with a user's (say bob) public key can only be decrypted with bob's private key . ie  any person can encrypt a message using the intended receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.
• Signing : Any one who has bob's public key can verify that a message has been signed by bob's private key. Note that signing does not encrypt data. It ensures
  • Authentication /verifying the origin of the message
  • The message in not tampered.

What happens in a https request response?

• A browser makes a http request to https url say https://clarifyforme.com.
• https://clarifyforme.com will respond with its SSL certificate (The SSL certificate has the public key of clarifyforme.com). Note that typically the certificate will be signed by some well known CA whose public certificate will be preinstalled in the browser).
• The browser receives the certificate , extracts
  • The CA from the certificate .
  • The domain name (clarifyforme.com)
  • The public key of clarifyforme.com
  • The expirty date of certtificate
• If the CA is a well known CA , its public key will be preinstalled in the browser. The browser will use the preinstalled public key of CA to verify that the certificate is really signed by the well knonw CA. If the verification succeeds the browser can be sure that the extracted public key really belongs to clarifyforme.com.
• The browser now creates a new symmtric encryption key and encrypts it with public key of clarifyforme.com . Only genuince clarifyforme.com has the private key which can decrypt the message. Hence this key now becomes a shared secret between browser and clarifyforme.com (no other machines knows it).
• All communications (request from browser and response will clarifyforme.com) will be encrypted via the symmetric key.

Read more

https://www.cloudflare.com/en-in/learning/ssl/what-is-domain-spoofing/