With current technology, it is safe to say
that a hacker cannot easily forge a key pair. That is, the private key cannot be easily extrapolated from a public key and used to impersonate
someone else using the digital certificate. In other words, private key algorithms do a good job ensuring that no one can sniff packets.
However, this procedure does not guarantee that the holder of a certificate is who he or she claims to be. Encryption does not necessarily mean
authentication. You need a way to prove that the person, host, or server who has the certificate is really who or what they say they are. Properly
"signed" certificates allow this to occur. Generally, an e-commerce site requires a certificate, unless it is going to use a third party.