Certificate Verification

Verify any ACAP credential

Paste a vendor's certification JWT or certification ID. No account required, no contact with ACAP or the vendor.

You can paste either the full signed JWT or just the certification ID.

How ACAP credentials work

Cryptographic trust, not paper trust

Cryptographically signed

Every credential is an RS256-signed JWT. The private key never leaves ACAP's infrastructure. A valid signature proves the credential was issued by ACAP.

Registry-checked

Verification checks the live registry for revocation and expiry — not just the JWT signature. A credential can be valid cryptographically but revoked.

Independently verifiable

ACAP's public key is served at /.well-known/acap-keys. Anyone can verify a JWT offline using any RS256-capable library.

CLI verification (no browser required)
$ pip install acap-eval
$ acap-eval verify <jwt_or_cert_id>
$ acap-eval verify <jwt> --check-revocation