Exchange step for CA certificates of CICS and ZOSCONNECT keyrings in ACF2

Article ID: 236387


Products

ACF2 - z/OS

Issue/Introduction

What does exchange step number 9, located at this link, mean for configuring keyrings?

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

The exchange step means that the client application (in this case CICS) connecting to the z/OS server (the zCEE server) needs to have, in its keyring, the CERTAUTH certificate that signed the zCEE personal certificate, so that it can perform server authentication.

CICS has three certificates connected to its keyring: one personal certificate and two CERTAUTH certificates that signed the personal certificate:

KEYRING / CICDBID1.RING LAST CHANGED BY ABCDE 
                        DEFAULT(CICS.CICSDEV) RINGNAME(Keyring.CICDBID1.OUT)
The following certificates are connected to this key ring:
CERTDATA record    Label                             Usage
-----------------  --------------------------------  --------
CERTAUTH.RSA2A     RSA2 SECTIGO                      CERTAUTH
CERTAUTH.USERTRST  USERTRUST ROOT                    CERTAUTH
CICS.CICSDEV       CERTAUTH.CICSDEV                  PERSONAL

Similarly, zCEE has three certificates including one personal and two CERTAUTH certificates.

KEYRING / ZCEESYSJ.RING LAST CHANGED BY ABCDE
                     DEFAULT(SITECERT.ZCON) RINGNAME(ZCEERING)     
The following certificates are connected to this key ring:         
CERTDATA record    Label                             Usage         
-----------------  --------------------------------  --------      
CERTAUTH.RSA2A     RSA2 SECTIGO                      CERTAUTH      
CERTAUTH.USERTRST  USERTRUST ROOT                    CERTAUTH      
SITECERT.ZCON      ZCEE non-prod Server Cert SYSJ    PERSONAL  

The other thing to be aware of is that some applications optionally allow, or require, the label of the personal (server) certificate to be specified, so sites should check the application (CICS, zCEE) configuration parameter/file to ensure that it points to the keyring and the certificate label (if required).
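As an added example (not part of the original article and not a Broadcom tool), the Python sketch below parses the two keyring listings shown above, reports any CERTAUTH record on the server ring that is absent from the client ring, and lists the personal certificate labels an application parameter may need to name. It assumes the CERTAUTH records on the server ring are the signers of its personal certificate and compares them by CERTDATA record name, since the listing does not show the issuer; the function names are hypothetical.

```python
import re

# Constructed sample input: the two keyring listings shown in this article.
CICS_RING = """\
KEYRING / CICDBID1.RING LAST CHANGED BY ABCDE
                        DEFAULT(CICS.CICSDEV) RINGNAME(Keyring.CICDBID1.OUT)
The following certificates are connected to this key ring:
CERTDATA record    Label                             Usage
-----------------  --------------------------------  --------
CERTAUTH.RSA2A     RSA2 SECTIGO                      CERTAUTH
CERTAUTH.USERTRST  USERTRUST ROOT                    CERTAUTH
CICS.CICSDEV       CERTAUTH.CICSDEV                  PERSONAL
"""
ZCEE_RING = """\
KEYRING / ZCEESYSJ.RING LAST CHANGED BY ABCDE
                     DEFAULT(SITECERT.ZCON) RINGNAME(ZCEERING)
The following certificates are connected to this key ring:
CERTDATA record    Label                             Usage
-----------------  --------------------------------  --------
CERTAUTH.RSA2A     RSA2 SECTIGO                      CERTAUTH
CERTAUTH.USERTRST  USERTRUST ROOT                    CERTAUTH
SITECERT.ZCON      ZCEE non-prod Server Cert SYSJ    PERSONAL
"""
# A certificate row: record name, label (may contain single spaces), usage.
ROW = re.compile(r"^(\S+)\s{2,}(.+?)\s{2,}([A-Z]+)\s*$")

def parse_ring(listing):
    """Parse one keyring listing into its default record and certificate rows."""
    ring = {"default": None, "certs": []}
    for line in listing.splitlines():
        if m := re.search(r"DEFAULT\(([^)]+)\)", line):
            ring["default"] = m.group(1)
        elif m := ROW.match(line):
            ring["certs"].append(m.groups())
    return ring

def missing_cas(client, server):
    """CERTAUTH records on the server ring that the client ring lacks."""
    def cas(ring):
        return {rec for rec, _, usage in ring["certs"] if usage == "CERTAUTH"}
    return sorted(cas(server) - cas(client))

def personal_certs(ring):
    """(record, label) pairs an application parameter may need to name."""
    return [(rec, label) for rec, label, use in ring["certs"] if use == "PERSONAL"]

if __name__ == "__main__":
    cics, zcee = parse_ring(CICS_RING), parse_ring(ZCEE_RING)
    print("missing CAs:", missing_cas(cics, zcee), "| server:", personal_certs(zcee))
```

An empty list from `missing_cas` means the exchange step is satisfied for these two rings under the stated assumption.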