You would need a role assigned at course level with capabilities mod/customcert:viewreport and mod/customcert:view. A role based on the non-editing teacher should grant this although you probably want to change mod/customcert:manage to "Not set".
The certificate activity's group mode would have to be separate groups, for example, if the course settings were Group mode = "Separate groups" and Force group mode = "Yes.