How is certification of public keys?

A standard asymmetric encryption algorithm (RSA let it be).
Question about certification of public keys by a certification authority for the organization end-to-end encryption.

Question - how is the certification and the signature is checked?
Excerpt from Wiki:

The public key certificate issued by a certification authority, and includes such fields as:

- he is the public key of the certificate owner,
the validity,
- the name of the Issuer (certification authority),
- the name of the certificate owner
and, the most important part of the digital signature.
Digital signature ensures non-repudiation certificate. It is the result of a cryptographic hash function from data of the certificate encrypted with the private key of the certification authority.

As I understand the principle of work:
User a generates public and private keys. The public key is sent to the certification authority. It generates a DTO like:
 "public_key": "here open, for which the certificate is created",
 "sertification_center_name": "name CA",
 "sertificate_owner_name": "name of certificate holder",
 "sign": "MD5 hash of all these data after they have been encrypted with the private key of the certification authority"

We send the certificate to the interlocutor. It decrypts the signed certificate, and then calculates a hash function from all of its fields (excluding the signature itself), and compares the hashes. If they match, everything is OK, the public key can encrypt.

All right? If Yes, then the question arises: what additional security? What hinders to replace the usual not send the public key and the certificate with a different key?
April 7th 20 at 11:05
2 answers
April 7th 20 at 11:07
The certificate key is a unique ID by which they recognize each other, the key of another certificate useless. And in addition, it is believed that the key certificate is stored in a safe place and not available to anybody. Leak key = complementaria certificate.
April 7th 20 at 11:09
it prevents to substitute normal not sent the public key and the certificate with a different key?

You just described a MitM attack SSL.
But, as already noted by @res2001 in the comments, there is a third trusted party - Certification authority(the certification Center), it confirms the validity of the used SSL certificate.

Since all RF certification center (certification centers) must have a certificate from the FSB, the latter have access to all private keys. Therefore, any installed on your PC, Russian the SSL certificate potentially unsafe.

Find more questions by tags Cryptography