TSSOERPT shows the following entry:                                                      
                                                                          
     SERVICE      USERID    GROUP        UID         GID    SAF RC   RSN 
                                                                          
       DATE          TIME    JOBNAME   SOURCE   SYSID   CPU   SECLABEL    
                                                                          
                                                                          
                                                                          
 initACEE         GGCICST2 CICSGRP          103         101   8    8   16 
                                                                          
 03/18/09 09.077   14.42.12 GGCICST2                  MSB               
                                                                          
 Failed - User ID is not defined or attempt to delete ACEE failed         
                                                                          
  Function: Reg Cert Attribute flags: 04000000                           
                                                                          
  Userid:             Applid:                                             
                                                                          
  Password: NO   Passphrase: NO   Certificate: YES ACEE Addr: NO        

According to the IBM RACF Callable Services Guide, a SAF RC=8, RACF RC=8 and RACF Reason Code=16 for an Initacee Function=Register (register a certificate) call means that 'The userid is not authorized.'

Users must be authorized to IBMFAC(IRR.DIGTCERT.ADD) to use the 'Initacee Function=Register' RACF Callable Service.

Issue:

TSS PER (acid) IBMFAC (IRR.DIGTCERT.ADD) ACC (READ)

to authorize the user.

Refer to the IBM RACF Callable Services Guide for more details about 'Initacee'.