These are the opportunities that an attacker has to defeat the authentication provided by web site certificates.
He must both:

• Acquire illegitimate certificate
  To do this he must either:
  • Corrupt (bribe) existing CA
  • Buy existing CA
  • Subvert computer of existing CA
  • Become a new CA and convince browser builders to include his CA cert.
  Any of these leaves him with the private key of a trusted CA with which to produce a bogus cert for a bogus site, or worse, a bogus cert for a valid site.
• Corrupt routing of https traffic
  To do this he must either:
  • Corrupt DNS
    There are several computers upon whose integrity DNS relies.
  • Corrupt IP routing
    There are many computers (switches) upon whose integrity IP routing relies.
  • Replace data in packets to or from DNS
    This may be simpler depending on the attacker’s tool set.
  • The BGP protocol disseminates routing information thru out the net. As I understand the protocol as published it seems highly vulnerable. BGP ‘accidents’ are often in the news. Such accidents may route data thru compromised switching nodes where it is easy to spoof IP addresses.
  Proxies and firewalls are a natural place to carry out these attacks as the traffic is already converted to a form convenient for the attacker. Proxies and firewalls already do things like the attacker needs to do. They work at the relevant abstraction level. The attacker usually lacks access to these, however.

  The attacker must avoid detection for the duration of his attack which may be months. To do this he is probably careful not to disrupt traffic that he intercepts from non targets. This may be done by blindly passing such traffic thru to the legitimate site.

See a note on public keys and some further rambling.