There is a certificate defined in ACF2 with a logonid, but no suffix.  How can the certificate be deleted using only a logonid?  How can the label be specified if a CHKCERT cannot be performed on the cert? The following error is seen when attempting to CHKCERT this certificate: 

CHKCERT TESTUSR
ACF68031 LABEL must be specified with LOGONID

Release : 16.0

Component : ACF2 for z/OS

A certificate can be deleted without specifying a LABEL, but take care to make sure the right SET mode is specified. Otherwise, a user lid from the LID database might end up deleted instead if this user were to exist:

ACF
SET P(USER) DIV(CERTDATA)
DEL TESTUSR

To get the LABEL, enter the SET mode for CERTDATA records and then LIST the certificate:

ACF
SET P(USER) DIV(CERTDATA)
LIST TESTUSR