Question:  

After INSERTing new certifiactes and KEYRING is there a ACF2 REFRESH or REBUILD required to activate the new profile records? 

Answer: 

Certificate(CERTDATA profile records) do not need to be activated after insertion, 

modification, generation, or deletion. Each command handles updating the 

in-core storage used by certificate processing. However KEYRING profile data records

need to be activated after insertion or changes, use the following console command to 

activate a newly created or changed KEYRING profile data record:

f acf2,rebuild(usr),class(p),division(keyring)

f acf2,omvs

Additional Information:

Details on ACF2 Keyring and Certificates can be found in the CA ACF2 for z/OS Administration Guide in

Chapter 3: Maintaining Logonid Records sections 'KEYRING Profile Data Records' and 'CERTDATA Profile Data Records'.