What is a SSL/TLS certificate?

A TLS certificate (formerly SSL certificate) is a digital document that binds a public key to the identity of a server (domain name). Issued by a trusted Certificate Authority (CA) (Let's Encrypt, DigiCert, Comodo). The certificate contains: the domain name, the server's public key, the CA's digital signature, validity period, and the certificate chain. When a browser connects to HTTPS, it: (1) Receives the server's certificate. (2) Verifies it was signed by a trusted CA. (3) Checks it hasn't expired or been revoked (CRL/OCSP). (4) Verifies the domain matches. This prevents MITM attacks — an attacker can't fake a valid certificate for a domain they don't control. Types: DV (Domain Validated — basic), OV (Organization Validated), EV (Extended Validation — shows org name in browser). Let's Encrypt provides free DV certificates.