The Vantage StoragePoint installation wizard asked us what level of TLS and we gave it level 1.2 .
It also asked us for a keyring name which we supplied one. Does that be defined to RACF ahead of time? We chose a name on the fly during the wizard.
Are there instructions for that part of this process?

Every security team should have a procedure for getting new TLS certificates signed by CA (Certificate Authority) and knew how to add them to KEYRING. Either they can create the keyring you choose during installation of Vantage StoragePoint or if internal policies do not allow that KEY_RING_OWNER/KEY_RING_NAME, you can always update the KEYRING name after the Vantage StoragePoint installation to match the keyring provided by security team. You can do that in USS in file /path_to_vsp_runtime_dir/apache-tomcat-xx.x.xx/conf/server.xml, or simly redo the installation and insert the new keyring name. This is the recommended approach.

It is not recommended to use the Self signed certificates for Vantage StoragePoint Web client. 

Alternative solution is with AT-TLS, in that case the security team should give you the port and set all the rules and certificates on AT-TLS level and you will update the Vantage StoragePoint installation to run in http mode (security is managed on AT-TLS level). Again this can be done from server.xml or redo the Vantage StoragePoint installation.