Using HTTPS instead of plain HTTP to connect to a website allows you to encrypt your communication with the server. But encryption alone does not guarantee that you are talking with the right server, and not someone impersonating it, for example in case of a man-in-the-middle attack.
SSL certificates try to solve this problem. A SSL certificate is usually issued by a certificate authority to certify the identity of a server. When you reach a website your web browser might trust an SSL certificate automatically if it trusts the authority that issued it.
Commercial certificate authorities are making a living out of selling SSL certificates; they are usually trusted automatically by most of the browsers.Other non-commercial authorities, such as [CACert](http://www.cacert.org/), need to be installed by the operating system or by the user to avoid displaying a security warning when visiting the website.
