How to use KEYRINGs and Virtual KEYRINGs concurrently with the same Root Certificates/Certificate Authority (CA)?
The Root Certificates are currently being used on KEYRINGs.
1. The Root Certificates/Certificate Authority (CA) must be owned by the CERTAUTH ACID and be authorized to use Virtual Keyrings.
Issue a TSS LIST(CERTAUTH) DIGICERT(digicertname). If the certificate is not found, then it is not owned by CERTAUTH and needs to be moved to CERTAUTH.
2. Issue a TSS WHOOWNS RDATALIB(CERTAUTH.IRR_VIRTUAL) to determine if Virtual Keyrings have been defined as a protected resource in Top Secret.
If yes, then the user must be PERMITted to the Virtual Keyring via:
TSS PER(acid) RDATALIB(CERTAUTH.IRR_VIRTUAL_KEYRING.LST) ACC(READ)
If no, then the above PERMIT is not needed.
3. Users must be authorized to access certificates.
Issue a TSS WHOOWNS IBMFAC(IRR.DIGTCERT) to determine if certificate access is defined as a protected resource in Top Secret.
If yes, then the user must be PERMITted to use certificates via:
TSS PER(acid) IBMFAC(IRR.DIGTCERT) ACC(CONTROL)
If no, then the above PERMIT is not needed.