In the case of SSL from a web browser to a web server the following things happen to my understanding.
Web browser downloads the web server's certificate, which contains the public key of the web server. This certificate is signed with the private key of a trusted certificate authority.
Web browser comes installed with the public keys of all of the major certificate authorities. It uses this public key to verify that the web server's certificate was indeed signed by the trusted certificate authority.
Now if instead of a web browser, my client is another application how it would have information on the public keys of all of the major certificate authorities