Basically it's Public Key encryption technology, just like OpenSSH. A Private/Public Key pair is the prerequisite. Speaking of HTTPS, the public key is embedded in a digital certificate with additional information describing the owner of the public key, such as name, street address, and e-mail address. A private key and digital certificate provide identity for the server.
Trusted Certificate Authorities (CA)
Examples (JVM level):
Ubuntu and Debian
Red Hat Enterprise Linux and Oracle Linux
WebLogic Server 11g (10.3.1 - 10.3.6)