Depends on the certificate. There are three different types of certificates:
- Domain validated certificates: Domain-validated certificate - Wikipedia
- Organisation validated certificates: Public key certificate - Wikipedia
- Extended validation certificates: Extended Validation Certificate - Wikipedia
Only with the extended certificate you can know for a certain certainty the "real owner", i.e., the legal representative of a domain. Which propably could be some sort of shell company..
Domain validation, which most certificates are, are just that: with aid of the public key infrastructure, you can be certain it's actually the server responsible for the hostname you're connecting to. And nothing more than that. It does NOT validate the CONTENTS of the site! Certificates were NEVER meant for that! It's just verifying you're actually connecting to the scam-site. It's up to THE USER to check for scams or not.
It's beyond me why people think the "green lock" says anything about the contents of a website. It only says the connection to the scam or phishing site is secure! Yay! Your credit card info isn't interceptable by a man in the middle attacker when you're st*p*d enough to fall for a scam-site with a green lock 