A digital certificate is a string of bits that certifies that somebody is who they say they are. It contains suitable identifying information about the entity (e.g. person's name, registered company name) together with a PublicKey, and is signed by some Certifying Authority (CA), who is expected to only have granted the certificate after receipt of suitable proof of identity from the entity concerted.

This CA is identified by its own digital certificate, which might in turn be signed by some other higher-level CA, and so on until we get to root certificates that are already included with, and trusted by, the system that the recipient is using to check the authenticity of the certificate.

For example, if you check the Certificate Manager dialog in a default installation of Firefox 3.0, you will see root certificates from about 50 different CAs.

A common format for digital certificates is X.509.