The role of digitally signed X.509 certificates is to enable trusted exchanges. This is achieved by leveraging asymmetric cryptography, where a user has both a public and private key pair tied to their identity.

This allows anyone else to decrypt data to send to the user using the public, which they can then decrypt with their private key. 

There are a number of standards and procedures which must be followed for a CA to gain and maintain the trust of network users