The root CA's public key is preinstalled in the OS/browser. The server and client exchange metadata, then the server sends its certs; the certs are issued by the root CA and contain the site's public key.
An HTTP proxy is simple, so skip it.
One thing to notice: browsers use persistent connections by default, so only one or a few connections are created to the proxy server, and the browser then reuses all of them.
The HTTPS protocol is basically an SSL layer on port 443 + the HTTP protocol.
If an HTTP proxy server supports the CONNECT method and forwards the bytes that follow as is, it is considered a tunneling HTTP proxy.
If an HTTP proxy supports tunneling, it can be used for HTTPS, which makes it an HTTPS proxy. However, the proxy does not know anything about the traffic.
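An added example (not part of the original notes): a minimal tunneling proxy run on loopback, showing that a CONNECT proxy learns only the target host:port and relays every later byte unchanged. All function names, the echo server standing in for the TLS origin, and the payload are constructed for illustration.

```python
import re, socket, threading
def parse_connect(head):
    """Return (host, port) from a CONNECT request line, else None."""
    m = re.match(rb"CONNECT ([\w.:\[\]-]+):(\d+) HTTP/\d\.\d(?:\r\n|$)", head)
    return (m[1].decode().strip("[]"), int(m[2])) if m else None

def pipe(src, dst):
    """Copy bytes src -> dst unchanged until EOF, then half-close dst."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def read_head(sock):
    """Read through the blank line; return (head, bytes received after it)."""
    buf = b""
    while b"\r\n\r\n" not in buf and (data := sock.recv(4096)):
        buf += data
    return buf.partition(b"\r\n\r\n")[::2]

def handle(client, seen):
    """Serve one proxy client; `seen` records what the proxy learns."""
    head, early = read_head(client)
    target = parse_connect(head)
    if target is None:
        client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")
        return client.close()
    seen.append(target)  # host:port is the only thing the proxy can read
    upstream = socket.create_connection(target)
    client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
    upstream.sendall(early)  # bytes the client sent right after the request head
    threading.Thread(target=pipe, args=(upstream, client), daemon=True).start()
    pipe(client, upstream)

def demo(payload=bytes(range(256))):  # constructed stand-in for TLS records
    """Loopback run: an echo server as origin, one tunnel through the proxy."""
    seen, origin, proxy = [], socket.create_server(("127.0.0.1", 0)), socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=lambda: (lambda c: pipe(c, c))(origin.accept()[0]), daemon=True).start()
    threading.Thread(target=lambda: handle(proxy.accept()[0], seen), daemon=True).start()
    s = socket.create_connection(proxy.getsockname(), timeout=5)
    s.sendall(b"CONNECT 127.0.0.1:%d HTTP/1.1\r\n\r\n" % origin.getsockname()[1])
    status, reply = read_head(s)
    s.sendall(payload)
    s.shutdown(socket.SHUT_WR)
    while chunk := s.recv(4096):
        reply += chunk
    return seen, status, reply
```

Calling demo() returns what the proxy recorded, the status line the client got back, and the bytes that came through the tunnel.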
HTTPS proxy that can intercept the traffic