The certificate is used to identify "someone" (e.g. a machine / a server) and the certificate authority is used to verify the certificate. A VPN (TLS/SSL) connection is established by (simplified):
1) Client requests the server's certificate.
2) Client verifies the certificate using a certificate authority.
3) Client requests the server's public key (*).
4) Client uses the server's public key to encrypt and send a secret key to the server.
5) Server uses the client's secret key to encrypt the connection.
(*) Encryption using public & private key pairs is referred to as asymmetric encryption. This means that one key is used for encryption and another key is used for decryption. So a public key can be considered a "lock" and the private key (stored securely on the server) is the key to open the lock. You cannot open the lock with the lock itself (reverse engineer). This is why TLS / SSL can be both secure and password free as long as the server's private key remains private.
Please do not ask questions in private messages, they will not help others.
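The numbered steps above as a toy model in Python, added here as an example and not part of the original post. It assumes textbook RSA with fixed primes and a hash-based XOR stream as stand-ins so that it runs on the standard library alone; the server name, keys and all function names are constructed for illustration.

```python
# Toy model of the simplified steps above: textbook RSA, no padding, illustration only.
import hashlib
import secrets

E = 65537  # public exponent

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def rsa(key, value):
    """Apply one half of a key pair: value ** exponent mod n."""
    n, exponent = key
    return pow(value, exponent, n)

def digest(name, pub, modulus):
    """Hash the certificate contents, reduced to fit the CA modulus."""
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue_cert(ca_priv, name, pub):
    """The CA binds a name to a public key by signing their hash."""
    sig = rsa(ca_priv, digest(name, pub, ca_priv[0]))
    return {"name": name, "pub": pub, "sig": sig}

def verify_cert(ca_pub, cert, expected_name):
    """Step 2: check the CA signature and that the name is the one we dialled."""
    signed = rsa(ca_pub, cert["sig"]) == digest(cert["name"], cert["pub"], ca_pub[0])
    return signed and cert["name"] == expected_name

def xor_stream(secret, data):
    """Step 5 stand-in: XOR with a SHA-256 counter keystream (not a real cipher)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(f"{secret}:{i}".encode()).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake(ca_pub, cert, server_priv, expected_name):
    """Steps 1-5; returns the secret as held by (client, server)."""
    if not verify_cert(ca_pub, cert, expected_name):
        raise ValueError("certificate rejected")
    secret = secrets.randbelow(cert["pub"][0] - 2) + 2  # client picks the secret
    wrapped = rsa(cert["pub"], secret)   # step 4: snap the "lock" shut
    return secret, rsa(server_priv, wrapped)  # only the private key opens it

# Constructed sample keys built from Mersenne primes; the name is a placeholder.
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
CERT = issue_cert(CA_PRIV, "vpn.example.test", SRV_PUB)
```

A certificate whose name or public key was changed after the CA signed it fails `verify_cert`, so the client stops before any secret is sent.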