Jan 24, 2019 12:56 PM|mgebhard|LINK
Use the certificate ID in the URL not the userId. Never put the userId in the URL!
Anyway, the certificate Id will fetch the certificate for a user and I assume will have the user's name etc. If you do not want other users to see the certificate then force the user to login. Then verify the certificate Id belongs to the logged in user.