A certificate is a guarantee that a public key belongs to a certain owner. This guarantee is given by a Certificate Authority (CA), which signs the certificate so that the public key cannot be altered or forged. The certificate authority needs to verify the identity of the owner of the public key before issuing a certificate. If there is no certificate authority, a certificate owner can sign its own certificate. These certificates are called self-signed certificates.
A certificate consists of a serial number, a public key, the identity of the certificate authority that signed the certificate, expiration dates and other data associated with the identity. A public key has a corresponding private key, which must be held secret by the owner.
Certificates indicate trust in the public key of the owner of the certificate. Therefore, trust relations can be defined using certificates or certificate authorities.