Multiple digital certificates with different SDNs need to be associated with one User ID.
Release : 16.0
Component : CA ACF2 for z/OS
ACF2 stores certificates as USER Profile records with a record key of userid.suffix. The record key consists of the userid (owner) with an optional suffix which can be used to associate a user with more than one certificate. For example:
USER001.CERT1
USER001.CERT2
USER001.CERT3
The following example shows how to associate three digital certificates with User ID USER001.
First, verify all certificates are valid by issuing CHKCERT commands (if you are inserting from a dataset) as shown below:
ACF
SET P(USER) DIV(CERTDATA)
CHKCERT DSN('SYS1.CERT1')
CHKCERT DSN('SYS1.CERT2')
CHKCERT DSN('SYS1.CERT3')
Next, issue the INSERT commands (if you are inserting from a dataset) or the GENCERT commands, as appropriate, to associate the User ID with multiple certificates:
ACF
SET PROFILE(USER) DIV(CERTDATA)
INSERT USER001.CERT1 DSN('SYS1.CERT1') LABEL(CERT1)
INSERT USER001.CERT2 DSN('SYS1.CERT2') LABEL(CERT2)
INSERT USER001.CERT3 DSN('SYS1.CERT3') LABEL(CERT3)
or
ACF
GENCERT USER001.CERT1 SUBJ(CN='XXXXCERT' OU='XXXX' C=XX) LABEL(CERT1)
GENCERT USER001.CERT2 SUBJ(CN='YYYYCERT' OU='YYYY' C=YY) LABEL(CERT2)
GENCERT USER001.CERT3 SUBJ(CN='ZZZZCERT' OU='ZZZZ' C=ZZ) LABEL(CERT3)
* The TRUST flag is automatically set for both INSERT and GENCERT commands.