After clarification: it does not have to do much with the application type, ASP.NET or not. This is more about key distribution and encryption. All you need to understand is how public-key cryptography
As to the code, all you need is implemented in .NET:
Please understand that the purpose of certificate is completely different.
You need to decide by yourself on certification of the site/page. Please see the discussion in my comment below. If you use certificate authority the user can trust, you need to pay fee. Please see:
Basically, when a user loads an HTTP page, the Web browser checks up the certificate against the certificate list registered in the system. The system stored only top-level authorities. To check up your certificate, it follows the chain of issuers (each certificate should provide the URI of its issuer, it the URI of the issuer is the same as the one of the certificate itself, it's a top-level one). The user can add custom top-level certificate, something trusted by its user. So, you need to pay the issuer of the certificate, which is only used to confirm that your site is authentic, same as the one used in certification.
In this procedure, the user gets the evidence of authentic site the way which can not be faked. Why it cannot be faked — please refer to the first link and apply some logic.
That's basically it.