Certificates are authenticators--they are used by third parties in confirming the identity of the agent proferring the certificate. In MeatSpace, things driver's licenses, passports, and other forms of photo ID are often used as certificates. In these cases, the comparison between the photo and the person weilding the certificate is a central part of the authentication mechanism.
Online, the use of AsymmetricKeypair?s largely replaces the central role filled by photos in MeatSpace authentication. The mechanisms of asymmetric public key cryptography provide a difficult-to-forge relationship between the person associated with the certificate and the certificate itself.
In current (2001) practical terms, several widely-used web browsers are distributed with certificates already installed from certificate authorites--these certificates are root certificates. Any AuthenticationCertificate? presented by a web server at the initiation of a web session which certificate can be verified by transitive trust relationships back to an already-installed root certificate is accepted as valid.
For any certificate which cannot be traced back to an already-installed root certificate from a certificate authority, the browser might reject the certificate, or might prompt the user as to whether the user wants to accept the certificate.
As part of this dialogue, the user may be presented with a fingerprint to assist the user in deciding whether to accept the certificate.
Real world examples of trusted authorities are manifold, including: