The certificate issued by Edx is signed by a gpg key so that it can be validated independently by anyone who has the edX public key. For independent verification edX uses what is called a "detached signature" meaning that the signature for the certificate is contained in a separate file with a ".sig" extension.
To complete the verification procedure you will need the following three files:
Ensure you have the pdf, the ".sig" signature file and the edX public key copied to a single directory before you begin.
Download and install gpgtools.
After installation, GPG Keychain Access will prompt for a new personal keypair.
Click the import icon to import the public key file edX, edx.pub.
CTRL-click the edX public key and select "sign" to validate it.
Confirm that the edX public key is listed in the GPG Keychain Access window and it has Short ID 5D8F1E7A.
Download and install the full version of gpg4win.
After the installation is complete, launch Kleapatra from the start menu.
Create a new personal certificate if don't have one listed under "My Certificates".
When prompted, select "Create personal OpenPGP key pair."
Import the edX public key file, edx.pub for edX by clicking on the "Import Certificate" icon.
Certify the edX public key by highlighting the edx certificate and selecting "Certify Certificate" under the "Certificates" menu.
Make sure that the edX public key/certificate is listed under the "Trusted Certificates" tab and verify it has the Key-ID 5D8F1E7A.
gpg --verify Certificate.pdf.sig Certificate.pdf