A signed certificate is presented to the application (server or client), which verifies it against its list of authorized Certificate Authorities (CAs). If the certificate is valid, the party that presented it (server or client) is authenticated.
This server and client certificate validation is done during the SSL/TLS handshake. In server authentication:
- The server authenticates itself to the client by sending a digital certificate signed by a CA that is in the client's list of trusted CAs
- The client verifies it
For more information, see the dedicated page: How to enable SSL on a server (i.e. HTTPS on a web server)?
Client certificate authentication uses the same mechanism, but the other way around:
- The client authenticates itself to the server by sending a digital certificate signed by a CA that is in the server's list of trusted CAs
- The server verifies it
Because every client holding a valid certificate can log in, you need to keep a list of the certificates you have issued so that you can revoke one later.
For more information, see the dedicated page: What is a client certificate authentication? (SSL/TLS Web)
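The server-side check described above (chain to a trusted CA, then consult a revocation list) as an added example in Go using only the standard library; it is not code from the original page. The `issue` helper and the `revoked` map of serial numbers are constructed here so that the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// issue creates a certificate for cn signed by parent; a nil parent makes it self-signed (how the CA itself is created).
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, // issued for client authentication
		BasicConstraintsValid: true, IsCA: isCA,
	}
	if parent == nil { // self-signed: the certificate is its own signer
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyClient is the server's check during the handshake: the client certificate must chain to one of
// the trusted CAs and its serial must not be on the revocation list (a constructed set of serial numbers).
func verifyClient(client *x509.Certificate, trustedCAs []*x509.Certificate, revoked map[string]bool) error {
	pool := x509.NewCertPool()
	for _, ca := range trustedCAs {
		pool.AddCert(ca)
	}
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := client.Verify(opts); err != nil {
		return err // signed by an unknown CA, expired, or not issued for client authentication
	}
	if revoked[client.SerialNumber.String()] {
		return errors.New("client certificate has been revoked")
	}
	return nil
}
```

Without the revocation step, every certificate the trusted CA ever issued would keep authenticating, which is why the page insists on tracking issued certificates.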