
X.509 Certificate

The cryptographic certificate format underpinning TLS/SSL: the document that proves a server is who it says it is.

Definition

An X.509 certificate is the standard cryptographic-certificate format used by TLS/SSL to authenticate servers (and optionally clients) during connection setup. The certificate includes the subject's public key, identity (typically a domain name), issuer (a trusted Certificate Authority), validity window, and signature. Certificate management (issuance, distribution, rotation, revocation) is its own operational discipline; tools like cert-manager (Kubernetes), AWS Certificate Manager, and Let's Encrypt automate large parts of it.

Why it matters

Expired certificates are one of the most preventable and most common Sev-1 causes in the industry; every team eventually has the 'we forgot to renew the cert' postmortem. Tooling that auto-renews certificates and alerts on certificates near expiry is table stakes. mTLS (mutual TLS, where the client also presents a certificate) is also the foundation of zero-trust architectures: every service-to-service call authenticates the other end's identity.
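A sketch of the near-expiry alert described above, added here as an illustration and not taken from Nova or any tool named on this page. It reads the validity window from certificate dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the 30-day threshold, the host names and the fixed clock are assumptions.

```python
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed alert threshold; tune to your renewal cadence

def _utc(cert_time):
    # Validity strings as the ssl module renders them, e.g. "Jun 15 00:00:00 2025 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def cert_status(cert, now, warn_days=WARN_DAYS):
    """Return (status, days_left) for a getpeercert()-style dict."""
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    days_left = (not_after - now).days
    if now < not_before:
        return "not_yet_valid", days_left  # clock skew or a cert deployed too early
    if not_after <= now:
        return "expired", days_left        # negative: days since expiry
    if days_left < warn_days:
        return "expiring", days_left
    return "ok", days_left

def alerts(inventory, now, warn_days=WARN_DAYS):
    """List (days_left, status, dns_names) for certs needing action, most urgent first."""
    out = []
    for cert in inventory:
        status, days_left = cert_status(cert, now, warn_days)
        if status != "ok":
            names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
            out.append((days_left, status, names))
    return sorted(out)

def _cert(name, not_before, not_after):
    # Builds a constructed sample entry; only the fields the check reads are filled in.
    return {"subjectAltName": (("DNS", name),),
            "notBefore": not_before, "notAfter": not_after}

# Constructed inventory: hypothetical hosts under the reserved .test TLD.
SAMPLE = [
    _cert("web.example.test", "Jan  1 00:00:00 2025 GMT", "Dec  1 00:00:00 2025 GMT"),
    _cert("api.example.test", "Mar  1 00:00:00 2025 GMT", "Jun 15 00:00:00 2025 GMT"),
    _cert("db.example.test",  "Feb 20 00:00:00 2025 GMT", "May 20 00:00:00 2025 GMT"),
    _cert("new.example.test", "Jul  1 00:00:00 2025 GMT", "Sep 29 00:00:00 2025 GMT"),
]
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock so the run is reproducible

if __name__ == "__main__":
    for days_left, status, names in alerts(SAMPLE, NOW):
        print(f"{status:14} {days_left:5d}d  {', '.join(names)}")
```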

How Nova handles it

See the part of the platform that handles X.509 certificates in production.

Nova certificate manager