This document discusses SSL/TLS and certificate authorities. It provides background on how public/private key encryption and digital signatures work, describes the SSL/TLS handshake process, and covers the issues that can occur when validating certificates that are not properly signed by a trusted certificate authority. It discusses the DigiNotar security breach of 2011, in which unauthorized certificates were issued, compromising trust in that certificate authority. It also provides tips on debugging SSL/TLS issues in Java applications and with openssl/curl.