> What are these certificates

It’s identification – e.g. “this is reddit.com”.

> who issues them?

A Certificate Authority (CA) “signs” them, cryptographically vouching for the ID. Browsers have a list of CAs and a public key so they can check to see if that signing / vouching is legit.

You can run your own CA and sign your own certificates, but that’s not worth a lot until you get everyone to trust your CA.

> Why it’s dangerous to open page with invalid one?

Say some site says it’s reddit.com, but that vouching doesn’t check out. You might log in and someone takes over your account. Not fun, but not as bad as if it happens with your bank’s web site.

**Edit: Here is a great [presentation](https://www.youtube.com/watch?v=09fNjMur1Gs) on these concepts and some problems with them. It gets a bit technical, but Geoff Huston makes it fairly accessible. Almost everyone will come away being a bit more paranoid about this stuff.**