Digital certificates have been misused many times during recent years. Bad actors abused them to conduct cyber attacks against private entities, individuals and government organizations. The principal abuses of digital certificates observed by security experts: Bad actors use digital certificates to eavesdrop on SSL/TLS traffic. Bad actor that is able to obtain a fake certificate from any certification authority and present it to the client during the connection phase can impersonate every encrypted web site the victim visits. The installation of a fake root CA certificate on the compromised system could allow attackers to arrange a phishing campaign.”]
Source: http://securityaffairs.co/wordpress/27129/cyber-crime/misusing-digital-certificates.html