Which protocol checks that a certificate belongs to the website and offers mutual authentication?

The correct answer is TLS. Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication over a computer network. One of its key features is the ability to establish a secure connection through the use of certificates.

When a website presents its TLS certificate, the client (such as a web browser) verifies the certificate’s validity to ensure it indeed belongs to the entity it claims to represent. This validation process checks for proper issuer signatures and the certificate's expiration date, among other criteria. This verification helps to prevent man-in-the-middle attacks, ensuring that users are communicating with the legitimate site.

In addition to validating the server's certificate, TLS also supports mutual authentication, where both the client and server authenticate each other's identities through the exchange of certificates. This feature is particularly important in scenarios where both parties must establish trust, such as in some corporate environments or sensitive transactions.

Understanding how TLS operates in terms of certificate validation and mutual authentication is crucial for maintaining security in online communications.