
Purpose of an SSL/TLS certificate

I have been reading about SSL/TLS and certificates recently to enable HTTPS for one of our websites.

As far as my current understanding goes, an SSL/TLS certificate verifies whether we, as the client, are connected to the correct site or not. For that, the signature inside the certificate is used to verify whether the certificate is legitimate or not. And finally, to establish a secure connection, algorithms like ECDHE (Elliptic curve Diffie–Hellman) are used.

My question is: if I want to connect to a website, say "www.mysite.com", and I key in "www.mysite.com" into my browser address bar, I am guaranteed that I will be connected to the correct website. So what is the purpose of having an SSL/TLS certificate installed on a web server when I know that I am keying in the proper address?

Am I missing something in my understanding of how HTTPS works?

Also, the ECDHE algorithm does not rely on any information, like the public key from the certificate, to establish a secure connection.

... if I want to connect to a website say, "www.mysite.com" and I key in "www.mysite.com" into my browser address bar, I am guaranteed that I will be connected to the correct website.

You are not. With a variety of techniques like DNS spoofing, ARP spoofing, hijacked SoHo routers, ... it is possible that an attacker reroutes your traffic so that it ends up at a server controlled by the attacker and not the actual server you want to reach. Validating that the certificate you've got from the server is the expected one protects against such attacks.
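The following is an added example, not code from the original question or answer. It simulates the handshake the answer is talking about, and also addresses the question's last remark that ECDHE does not use the certificate's public key: an ephemeral Diffie-Hellman exchange alone is run twice, once against the client and once against the server, by an on-path attacker (the rerouting the answer describes), and both sides end up with a key the attacker knows. What the certificate adds is a long-term public key the client already trusts; in TLS the server signs the handshake with the matching private key, and the client checks that signature before using the ephemeral key. Assumptions for illustration: a toy 128-bit finite-field group generated at import stands in for an elliptic curve, a Schnorr signature stands in for the certificate's ECDSA/RSA key, and the helper names (`keypair`, `dh_shared`, `sign`, `verify`, `run`) are hypothetical, not any TLS library's API.

```python
"""Added example: ephemeral Diffie-Hellman with and without a signature from the
server's long-term ("certificate") key, against an on-path attacker.  Toy group
sizes and a Schnorr signature stand in for ECDHE and ECDSA; not a TLS implementation."""
import hashlib
import random
import secrets

_rng = random.Random(20240601)  # fixed seed so the toy group parameters are reproducible

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin, fine for toy parameters, not for production key generation."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(bits):
    """Return (p, q) with p = 2q + 1 both prime and p exactly `bits` bits long."""
    while True:
        q = _rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = _safe_prime(128)  # toy size (assumption); real deployments use 2048-bit+ groups or named curves
G = 4                    # a square mod P, hence a generator of the prime-order-Q subgroup

def _enc(n):
    return n.to_bytes(16, "big")  # every group element is < P < 2**128

def keypair():
    """Private exponent in [2, Q-1] and the matching public value; used for ephemeral and identity keys."""
    x = 2 + secrets.randbelow(Q - 2)
    return x, pow(G, x, P)

def dh_shared(priv, peer_pub):
    # Reject 0, 1, P-1 and anything outside the order-Q subgroup (small-subgroup check).
    if not 1 < peer_pub < P - 1 or pow(peer_pub, Q, P) != 1:
        raise ValueError("invalid DH public value")
    return hashlib.sha256(_enc(pow(peer_pub, priv, P))).digest()

def _hash_to_q(*parts):
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % Q

def sign(priv, msg):
    """Schnorr signature under a long-term identity key (the role of the certificate's key)."""
    k = 1 + secrets.randbelow(Q - 1)
    e = _hash_to_q(_enc(pow(G, k, P)), msg)
    return e, (k - priv * e) % Q

def verify(pub, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(pub, e, P) % P  # recovers g^k only if s was made with pub's private key
    return _hash_to_q(_enc(r), msg) == e

def transcript(client_share, server_share):
    return _enc(client_share) + _enc(server_share)  # what the server's signature covers

def run(mitm, authenticate):
    """One handshake. Returns {'aborted': client refused, 'attacker_reads': attacker holds both keys}."""
    srv_priv, srv_pub = keypair()     # long-term key; srv_pub is what a validated certificate vouches for
    c_x, c_share = keypair()          # client's ephemeral share, sent toward the server
    if mitm:                          # attacker on the path (DNS/ARP spoofing, hijacked router, ...)
        a_x1, a_share1 = keypair()    # attacker's ephemeral share shown to the client
        a_x2, a_share2 = keypair()    # attacker's ephemeral share shown to the server
        a_priv, _ = keypair()         # attacker's own identity key, which the client does not trust
        seen_by_server = a_share2
    else:
        seen_by_server = c_share
    s_x, s_share = keypair()
    server_key = dh_shared(s_x, seen_by_server)
    s_sig = sign(srv_priv, transcript(seen_by_server, s_share)) if authenticate else None
    if mitm:
        # The genuine signature covers (a_share2, s_share), so forwarding it fails; the attacker
        # cannot sign (c_share, a_share1) with the server's key, only with its own.
        seen_by_client = a_share1
        sig = sign(a_priv, transcript(c_share, a_share1)) if authenticate else None
    else:
        seen_by_client, sig = s_share, s_sig
    if authenticate and not verify(srv_pub, transcript(c_share, seen_by_client), sig):
        return {"aborted": True, "attacker_reads": False}
    client_key = dh_shared(c_x, seen_by_client)
    reads = mitm and dh_shared(a_x1, c_share) == client_key and dh_shared(a_x2, s_share) == server_key
    return {"aborted": False, "attacker_reads": reads}
```

Calling `run(mitm=True, authenticate=False)` completes "successfully" on both ends, yet the attacker holds the client's key and the server's key and can decrypt and re-encrypt everything in between; `run(True, True)` aborts because the only signature the attacker can produce does not verify under the public key the client expects. That expected key is exactly what certificate validation supplies, and it is why ECDHE in TLS is bound to the certificate even though the key exchange arithmetic itself never touches the certificate's key.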
