How PKI saves you from MITM
A more important question is why PKI needs a CA at all. Remove the CA from the PKI and a man-in-the-middle (MITM) attack can no longer be prevented. When you have to decide whether to trust a server, you ask it to present its certificate; if that certificate was signed by a CA you trust (root or intermediate), you can treat the server as trusted. Consider a server, say example.com, that you are establishing a connection with: anyone sitting in the middle can answer your packets, but those middlemen will not have a certificate for example.com (in its common name or subject alternative name) that is signed by a CA you trust. Reverse proxies may ask for your certificate and private key if you want them to play the role of your domain at the front end and perform TLS termination. Blindly trusting CAs and cloud reverse proxies/load balancers is something the internet needs to be more aware of.
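As an added illustration (not part of the original post), the following Go program builds a tiny PKI with only the standard library: a trusted root signs example.com's certificate, a rogue CA that the client does not trust signs a look-alike certificate for the same name, and the trusted root also signs a certificate for another name. The client-side check is x509.Certificate.Verify with the expected hostname, which is exactly what a TLS client does; all CA names, keys and hostnames are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCert issues a certificate for name: a self-signed CA when parent is nil, otherwise a server certificate signed by parent's key.
func newCert(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name} // the SAN the client matches against the hostname
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// trusted does what a TLS client does: chain the leaf to the trusted root and match the hostname.
func trusted(leaf, root *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// Scenario checks three certificates presented for example.com: the genuine one, a middleman's copy from an untrusted CA, and one from the trusted CA issued for another name.
func Scenario() (genuine, middleman, wrongName bool) {
	ca, caKey := newCert("Trusted Root CA", nil, nil)
	server, _ := newCert("example.com", ca, caKey)
	rogueCA, rogueKey := newCert("Rogue CA", nil, nil)
	forged, _ := newCert("example.com", rogueCA, rogueKey)
	other, _ := newCert("other.example", ca, caKey)
	return trusted(server, ca, "example.com"), trusted(forged, ca, "example.com"), trusted(other, ca, "example.com")
}
```

Only the genuine certificate passes: the middleman's copy fails because its issuer is not in the trust store, and the trusted CA's certificate for other.example fails the hostname match.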