How would it work if you had a VPN and a private certificate installed on your browser?
1. Traffic encrypted in browser using SSL
2. Traffic routed to VPN server
3. Traffic routed to target web server over public internet*
4. Back to VPN server
5. Back to browser
*I assume at this point the Kazakh government can intercept the traffic and decrypted the HTTPS traffic, but that would itself be garbage because it's been encrypted by the VPN. Is this correct?
If the VPN endpoint is in KZ, then yes. Otherwise, no. However, if you were to be a person of interest, it would be possible to spoof the page of your vpn provider and provide you with fake vpn.
1. Traffic encrypted in browser using SSL
2. Traffic routed to VPN server
3. Traffic routed to target web server over public internet*
4. Back to VPN server
5. Back to browser
*I assume at this point the Kazakh government can intercept the traffic and decrypted the HTTPS traffic, but that would itself be garbage because it's been encrypted by the VPN. Is this correct?