Validate an edX Certificate

The certificate issued by edX is signed by a GPG key so that it can be validated independently by anyone with the edX public key. For independent validation, edX uses a "detached signature," meaning that the signature for the certificate is contained in a separate file with a ".sig" extension.


Requirements to Validate an edX Certificate

To validate an edX certificate, you need the following files:

  • The official edX public key
  • Certificate PDF : The edX certificate belonging to Claudio Reggiani (you should already have this file).
  • A Digital Signature : The signature file for Claudio Reggiani's certificate.
  • All Elements Present : Ensure you save the PDF, the signature file, and the edX public key in the same directory.

How to Validate an edX Certificate

Validate an edX Certificate on OSX (using GPG Keychain)

  1. Download and install gpgtools.
  2. After installation, when you are prompted by GPG Keychain Access, enter a new personal keypair.
    Explanation: Create a new keypair
  3. Click the Import icon to import the edX public key file, edx.pub.
  4. CTRL-click the edX public key and select sign to validate it.
    Explanation: How to sign key
  5. Confirm that the edX public key is listed in the GPG Keychain Access window and that it has the Short ID 044DA1D9.
    Explanation: Confirm edX public key exists

Validate an edX Certificate on Microsoft Windows (using gpg4win)

  1. Download and install the full version of gpg4win.
  2. After the installation is complete, launch Kleapatra from the Start menu.
  3. Create a new personal certificate if don't have one listed under My Certificates.
    Explanation: How to make a new certificate
  4. When prompted, select Create personal OpenPGP key pair.
    Explanation: How to make a new certificate
  5. Import the edX public key file, edx.pub, by clicking the Import Certificate icon.
  6. Certify the edX public key by highlighting the edX certificate and selecting Certify Certificate under the Certificates menu.
    Explanation: How to certify certificate
  7. Make sure that the edX public key/certificate is listed in the Trusted Certificates tab and verify it has the Key-ID 044DA1D9.
    Explanation: How to verify certificate

Validate an edX certificate through the Terminal (using gpg)

  1. Open a new terminal on OSX or a command window on Windows.
  2. Go into the directory where the edX public key, PDF, and .sig file are located.
  3. Run the following command to verify the fingerprint of the edX key:
    gpg --verify Certificate.pdf.sig Certificate.pdf
  4. Confirm that "Good signature from edx <info@edx.org>" is reported by gpg.

Have Questions or Need Help?

To learn more about how signatures work, see Public key cryptography and the GnuPG website. If you have questions about validating edX certificates specifically, contact us.