Received the following errors:

Install of IPCONN TH12 failed because CERTIFICATE ISCSYSI1 is    
  invalid.                                                       
Install of IPCONN TH12 failed because the specified certificate  
  ISCSYSI1 does not have a private key.

A listing of the certificate shows that it does have a private key.

IBM suggested to update the acid's permit for IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS to UPDATE instead of read but that did not solve the problem. The trace showed the keyring was found and the certificate was being read but there wasn't enough permission to access the key.

The ESM is Top Secret, r16.0.

Release : 16.0

In this scenario the personal certificate was owned by another acid other than the owner of the Keyring or Certsite.

The acid needs to have the following RDATALIB permit to be able to read the the private key of another acid's certificate:
TSS PERMIT(owner of keyring) RDATALIB(ringowner.ringname.LST) ACCESS(UPDATE)