You're pretty much correct about verification. I would add that the browser also tries to verify the cert against a CA (Certificate Authority) but this can be waived by the user.
Beautifully explained here How are ssl certificates verified?
Signing is a different thing. When an applicant (e.g. web server) wants a CA to sign a certificate for it, it creates a key pair, private key and public key, and then prepares a CSR (Certificate Signing Request) containing among other things, the previously created public key. Then the CA then creates a signed certificate (using its own private key), that can be verified by any entity that knows this CA's public key. Web browsers have a list of the most common CA's pre-installed.