To share a certificate with multiple users, it must be owned by CERTSITE.
How do you change ownership to CERTSITE?
1. EXPORT the certificate
TSS EXPORT(USERA) DIGICERT(USERCERT) DCDSN(dataset) FORMAT(PKCS12DER) PKCSPASS(USERCERT)
2. Verify EXPORT was sucessfull
TSS CHKCERT DCDSN(datasetname) PKCSPASS(USERCERT)
3. Delete the certificate from the security file
TSS REM(USERA) DIGICERT(USERCERT)
4. Add certificate back under new owner
TSS ADD(CERTSITE) DIGICERT(USERCERT) DCDSN(datasename) PKCSPASS(USERCERT) LABLCERT('USERA Certificate') TRUST
5. Re-add certificate back to the keyrings it is needed on.
TSS ADD(started_task_acid) KEYRING(keyringname) RINGDATA(CERTSITE,digicertname) USAGE(PERSONAL) DEFAULT
started_task_acid - Substitute the appropriate acid for your started tasks applications that need the certificate.
keyringname - Substitute the keyring name.
digicertname - Substitute the digicertname you used for the certificate you moved to CERTSITE.