How browser trusts a website in simple terms(…https/ssl/tls magic behind the scenes )

When users try to access a website like nowuknow.com over https, how does browser validates the website and display “padlock” icon in the browser?

Before we dive it into that, let's brush up on few concepts (at a high level, in simple terms)

So what is http → HTTP is a protocol used to communicate between the browser and the website.Wait what is a protocol? In simple terms language is to humans, the protocol is to machines. Humans communicate using a language (english,french e.t.c) and machines communicate using a set of protocols (http,ftp,smtp).

So what is https → https is secure layer on top of http that will conceal communication between machines. To draw an analogy, if we plan to send a letter from one place to another, by showing its contents to everyone (say paste the letter outside the bus ) then it closely refers to HTTP where everyone can see contents of the letter. If we plan to send a letter by rearranging words like saying ‘a’ will be called ‘c’, ‘b’ will be called as ‘d’ e.t. c (like Caesar’s cipher) which case even though contents are visible to everyone, no one can make sense out of it unless they crack the logic (like ‘a’ is ‘c’, ‘b’ is ‘d’ e.t.c)