OpenCerts

Frequently Asked Questions

General

What OpenCerts is and how to get a certificate

What is OpenCerts?

OpenCerts is the umbrella trademark under which we have released a few key components:

  1. An open source schema for publishing educational credentials
  2. A set of tools for generating cryptographic protections for educational credentials
  3. This website for verifying the authenticity of OpenCerts files

Where do I get an OpenCerts certificate?

OpenCerts is an open source platform that education institutions can adopt for issuing certificates. Please contact your education institution’s administrative office to ask whether your certificate was issued in the OpenCerts format.

How do I send my OpenCerts certificate to someone?

You may use the email button that is visible when you view your certificate, or you can simply email the OpenCerts file to them.

Why can't I print the certificate?

Printing the certificate discards all the advanced cryptographic protections we have built into OpenCerts, so printed certificates are not to be considered authentic.

Verifying your certificate

What the verifier checks, and what the results mean

How does certificate verification work?

When you drop a certificate onto opencerts.io, three key verifications are performed. All three must pass for the certificate to be marked as verified.

  1. Document integrity. Every OpenCerts certificate is sealed when it's issued. If anyone changes anything inside the file afterwards — even a single character in a name, a date, or a grade — the seal breaks and verification fails.
  2. Issuer's identity. Each institution publishes proof on its own official website domain. OpenCerts checks the certificate against that proof, and if it claims to be from somewhere it isn't, this check fails.
  3. Document status. Sometimes a certificate needs to be withdrawn after it's been issued — for example, if it was issued in error. Institutions can mark a certificate as revoked, and OpenCerts checks for this. A revoked certificate may still be authentic, but it is no longer valid.

If all three checks pass, you can trust that the certificate is real, unchanged, and currently valid.

What does "Revoked" mean?

The issuer has explicitly published a notice of revocation for this certificate and it is no longer a valid certificate.

What happens if I modify the OpenCerts file?

The modified certificate will fail validation and show up as having been tampered with.

Can anyone copy my certificate file and pretend to be me?

Yes, the certificate file can trivially be duplicated. However, the recipient's name in the certificate cannot be altered without failing our verification process. Thus it is extremely important that the person doing the verification ensures that the recipient indicated in the certificate is actually the entity presenting the certificate.

About the technology

For the curious, and for issuers planning a migration

Is my personal data safe?

Yes. Your personal information stays inside the certificate file itself — it isn't published to any external registry or database when the certificate is issued or verified.

When OpenCerts checks whether a certificate is authentic, it doesn't upload the certificate or its contents anywhere. The check works by comparing the certificate against proof that the issuing institution has publicly declared on their own domain. Nothing about you, the recipient, is involved in that public proof.

What is a digital signature?

A digital signature is the cryptographic “seal” that proves an OpenCerts certificate is genuine and unaltered. When an institution issues a certificate, it adds a signature that is mathematically tied to the exact contents of that certificate and to the institution itself.

Two things follow from this:

  1. If anything inside the certificate changes — a name, a date, a grade, even a single character — the signature no longer matches, and verification fails. There's no way to edit a certificate without breaking its signature.
  2. Only the issuing institution could have produced the signature. It can't be forged by someone else and then attributed to the institution, because the signature depends on information that only the institution controls.

So when OpenCerts shows that a certificate is verified, it means both that the file is exactly as the institution issued it, and that the institution itself produced it.
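The three checks listed under "How does certificate verification work?" and the two signature properties above can be seen together in a small Node.js model. This is an added illustration, not OpenCerts or TrustVC code: the domain university.example, the in-memory proof table, the revocation set, the helper names and the sample certificate are all constructed assumptions.

```javascript
// Simplified model of the three checks; not OpenCerts or TrustVC code.
const crypto = require("crypto");

// Constructed issuer key pair. The Map stands in for the proof an institution
// publishes on its own domain; the Set stands in for its revocation notices.
const issuerKeys = crypto.generateKeyPairSync("ed25519");
const DOMAIN_PROOFS = new Map([["university.example", issuerKeys.publicKey]]);
const REVOKED_IDS = new Set();

// Serialise with sorted keys so identical contents always hash identically.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const fields = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(value[k]));
    return "{" + fields.join(",") + "}";
  }
  return JSON.stringify(value);
}

const digestOf = (contents) =>
  crypto.createHash("sha256").update(canonical(contents)).digest("hex");

// Issuer side: seal the contents with a digest, then sign that digest.
function issue(contents, privateKey) {
  const digest = digestOf(contents);
  const signature = crypto.sign(null, Buffer.from(digest), privateKey).toString("base64");
  return { contents, digest, signature };
}

// Verifier side: run all three checks independently and report each result.
function verify(cert) {
  const integrity = digestOf(cert.contents) === cert.digest;
  const publishedKey = DOMAIN_PROOFS.get(cert.contents.issuerDomain);
  const identity = publishedKey !== undefined && crypto.verify(
    null, Buffer.from(String(cert.digest)), publishedKey,
    Buffer.from(String(cert.signature), "base64"));
  const status = !REVOKED_IDS.has(cert.contents.id);
  return { integrity, identity, status, verified: integrity && identity && status };
}

// Constructed sample certificate.
const genuine = issue({ id: "cert-001", issuerDomain: "university.example",
  recipient: "Tan Ah Kow", grade: "B" }, issuerKeys.privateKey);
```

A byte-for-byte copy of `genuine` still returns `verified: true` from `verify`, which is why the person checking must confirm that the presenter is the named recipient.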

What are W3C Verifiable Credentials and TrustVC?

W3C Verifiable Credentials is an international open standard for digital credentials — a common set of rules for how any digital certificate can be issued and verified online. It's developed by the World Wide Web Consortium (W3C), the same body responsible for the standards behind the web itself.

The standard matters because it means a digital certificate isn't tied to one country's system or one company's software. A credential issued under the W3C standard can be checked by anyone, anywhere, using compatible tools.

TrustVC is Singapore's open-source implementation of that standard, maintained by IMDA. It's the framework now used to issue new OpenCerts certificates.

In practice, this means OpenCerts now works the same way as a growing number of digital credential systems around the world. That makes it easier for your certificates to be recognised across borders, and for OpenCerts to keep up with how digital credentials are evolving internationally.

Are older OpenCerts certificates still valid?

Yes. Certificates issued under the older OpenAttestation standard continue to be accepted on opencerts.io. No action is needed by recipients.

I'm an educational institution — where do I find migration resources?

Institutions should migrate to TrustVC by 30 June 2027. Visit trustvc.io/contact to get in touch with the team for migration support.


Copyright © 2026 OpenCerts