Add a client and root certificate to the security file and then add the certificates to a keyring.
Article ID: 15053

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Adding a client and root certificate pair to the security file and then adding them to ACID keyrings.

The following datasets contain the certificates:
USERA.PUBLIC.CERTS.PEM (contains the root cert)
USERA.PUBLIC.CERTS.P12 (contains the client cert and is password protected with 'mandolin')

The client certificate is to be added with a DIGICERT name of 'CAMSRVC' and the root certificate with a DIGICERT name of 'CAMSRV'.

The keyring name will be 'MESMRING'.

Environment

Release: TOPSEC00200-15-Top Secret-Security

Resolution

The commands needed to add the certificates to the security file and keyrings:

1. Add the certificates to the security file:
tss add(certauth) digicert(CAMSRV) DCDSN(USERA.PUBLIC.CERTS.PEM) TRUST
tss add(certsite) digicert(CAMSRVC) DCDSN(USERA.PUBLIC.CERTS.P12) PKCSPASS(mandolin) TRUST

2. Create keyrings for users that don't already have the keyring:
tss add(USERB) keyring(MESMRING)
tss add(USERC) keyring(MESMRING)
tss add(USERD) keyring(MESMRING)

3. Connect the root and personal certificates to each user's keyring:

TSS ADD(USERC) KEYRING(MESMRING) RINGDATA(CERTSITE,CAMSRVC) USAGE(PERSONAL) DEFAULT
TSS ADD(USERC) KEYRING(MESMRING) RINGDATA(CERTAUTH,CAMSRV) USAGE(CERTAUTH)

TSS ADD(USERB) KEYRING(MESMRING) RINGDATA(CERTSITE,CAMSRVC) USAGE(PERSONAL) DEFAULT
TSS ADD(USERB) KEYRING(MESMRING) RINGDATA(CERTAUTH,CAMSRV) USAGE(CERTAUTH)

TSS ADD(USERD) KEYRING(MESMRING) RINGDATA(CERTSITE,CAMSRVC) USAGE(PERSONAL) DEFAULT
TSS ADD(USERD) KEYRING(MESMRING) RINGDATA(CERTAUTH,CAMSRV) USAGE(CERTAUTH)

4. Authorize the users for digital certificates:

TSS PER(USERB) IBMFAC(IRR.DIGTCERT) ACC(CONTROL)
TSS PER(USERC) IBMFAC(IRR.DIGTCERT) ACC(CONTROL)
TSS PER(USERD) IBMFAC(IRR.DIGTCERT) ACC(CONTROL)

Without this permission, users will not be authorized to use digital certificates.

5. Make sure the keyring name specified to the application matches the keyring name exactly. The DIGICERT name and the keyring name are case sensitive.
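As an added illustration (not part of this article), the following Python audit reads a batch of TSS commands like the ones in steps 2 to 4 and reports, per ACID, whether the keyring was created, a root certificate was connected as CERTAUTH, exactly one PERSONAL certificate is marked DEFAULT, and the IRR.DIGTCERT permit at ACC(CONTROL) is present; keyring and certificate names are compared exactly, as step 5 requires. The sample command text is constructed here, and USERE is a hypothetical ACID whose setup is deliberately incomplete.

```python
import re
from collections import defaultdict

# Constructed sample: the step 2-4 commands for USERB, plus hypothetical ACID USERE
# whose setup is deliberately incomplete (no root cert connected, no permit).
SAMPLE_COMMANDS = """
tss add(USERB) keyring(MESMRING)
tss add(USERE) keyring(MESMRING)
TSS ADD(USERB) KEYRING(MESMRING) RINGDATA(CERTSITE,CAMSRVC) USAGE(PERSONAL) DEFAULT
TSS ADD(USERB) KEYRING(MESMRING) RINGDATA(CERTAUTH,CAMSRV) USAGE(CERTAUTH)
TSS ADD(USERE) KEYRING(MESMRING) RINGDATA(CERTSITE,CAMSRVC) USAGE(PERSONAL) DEFAULT
TSS PER(USERB) IBMFAC(IRR.DIGTCERT) ACC(CONTROL)
"""

# Keywords match case-insensitively; captured ACID, keyring and certificate names
# are compared exactly, because those values are case sensitive (step 5).
RING_RE = re.compile(r"^tss\s+add\((\w+)\)\s+keyring\((\w+)\)\s*$", re.I)
CONNECT_RE = re.compile(r"^tss\s+add\((\w+)\)\s+keyring\((\w+)\)\s+ringdata\((\w+),(\w+)\)"
                        r"\s+usage\((\w+)\)(\s+default)?\s*$", re.I)
PERMIT_RE = re.compile(r"^tss\s+per\((\w+)\)\s+ibmfac\(irr\.digtcert\)\s+acc\((\w+)\)\s*$", re.I)

def audit(commands, keyring):
    """Return {acid: [problems]} for every ACID that touches the named keyring."""
    rings, permits = set(), {}
    personal, certauth = defaultdict(list), defaultdict(list)  # acid -> certs
    for line in (raw.strip() for raw in commands.splitlines()):
        if m := RING_RE.match(line):
            if m.group(2) == keyring:
                rings.add(m.group(1))
        elif m := CONNECT_RE.match(line):
            acid, ring, _kind, cert, usage, dflt = m.groups()
            if ring == keyring and usage.upper() == "PERSONAL":
                personal[acid].append((cert, bool(dflt)))
            elif ring == keyring and usage.upper() == "CERTAUTH":
                certauth[acid].append(cert)
        elif m := PERMIT_RE.match(line):
            permits[m.group(1)] = m.group(2).upper()
    findings = {}
    for acid in sorted(rings | set(personal) | set(certauth)):
        defaults = sum(1 for _cert, is_default in personal[acid] if is_default)
        checks = [
            (acid not in rings, "keyring not created"),
            (not certauth[acid], "no CERTAUTH (root) certificate connected"),
            (not personal[acid], "no PERSONAL certificate connected"),
            (personal[acid] and defaults != 1, f"expected one DEFAULT personal cert, found {defaults}"),
            (permits.get(acid) != "CONTROL", "no IRR.DIGTCERT permit at ACC(CONTROL)"),
        ]
        findings[acid] = [msg for bad, msg in checks if bad]
    return findings
```

Running audit(SAMPLE_COMMANDS, "MESMRING") reports nothing for USERB and two problems for USERE; calling it with "mesmring" finds no keyring at all, which is exactly the mismatch step 5 warns about.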