If you're a root like Symantec, then yes, you can. It all relies on trust - it's amazing that this system works at all, to be honest.
Certificate pinning can catch this sometimes. However, it can also be deliberately bypassed by getting, for example, your work desktop to trust a work-owned root CA. Do your internet banking on a machine you control.