Digital SSL Certificates
SSL (Secure Sockets Layer) uses public key encryption to encrypt all data between the two sides communicating through the secure connection. Information is sent to the site in encrypted form using the site's public key.
Once the information has been sent, the site uses its private key to decrypt it. The combination of the site's public key and the site's private key is called a key pair.
The main problem is that anyone can create a website and a key pair using a name that doesn't belong to them. This problem is solved with digital certificates: trusted ID cards in electronic form that bind a web site's public encryption key to its identity for purposes of public trust.
Digital certificates are issued by an independent, recognized and mutually trusted third party, which guarantees that the website can be trusted. This third party is known as a Certification Authority (CA).
Without a digital certificate the site cannot be trusted, and the visitor is informed of this at the beginning of the session.
A digital certificate embeds the entity's name, address, serial number, public key, expiration date and digital signature, as well as other relevant information. When a web browser attempts a secure connection, the digital certificate comes into use immediately for the session.
The browser checks the certificate for problems and, if it finds any, pops up an alert.
If the digital certificate is in order, the browser completes the secure connection without interruption.
Basically, SSL certificates can be separated into two main groups: self-signed certificates and certificates signed by a trusted CA.