Public Key Certificates or digital certificates are electronic documents that verify an entity, service or person are who they claim to be, asserted by a trusted third party certificate authority. These certificates can be used to secure communications between client and server, or to digitally sign messages to guarantee the integrity and authenticity of the message.
TLS/SSL server certificates are required to be presented by a server to a connecting client as part of the initial connection. The client will perform the certification path validation algorithm by verifying that the certificate, presented by the server, contains a subject that matches the hostname the client is establishing a connection to. Next to this, the client will seek if the certificate was signed by a known and trusted Certificate Authority. Only if all the checks are matched and the identity of the server is verified, will the client establish a connection and initiate the conversation.