Maybe take a look at the Digital Certificate Goody Bags on z/OS presentations or something like Security Server RACF Security Administrator's Guide (SA23-2289), Using RACF to manage digital certificates:
RACF has three categories for managing digital certificates:

User certificate
A certificate that is associated with a RACF user ID and is used to authenticate the user's identity. The RACF user ID can represent a traditional user or be assigned to a server or started procedure.

Certificate-authority certificate
A certificate that is associated with a certificate authority and is used to verify signatures in other certificates.

Site certificate
A certificate that is associated with an off-platform server or other network entity, such as a peer VPN server. This category of certificate can also be used to share a single certificate and its private key among multiple RACF user IDs. When used for sharing, a certificate might be referred to as a placeholder certificate.

Regards,
Kevin

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Phil Smith III
Sent: Monday, July 18, 2016 2:45 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CERTAUTH vs SITE vs user certificate

>So:
>CERTAUTH - root certs
>SITE - server leaf certs (and intermediates?)
>User - certs used to authenticate users to servers
>Anyone want to agree/argue/validate/disprove?

Nobody else has any thoughts on this? Surely we aren't the only ones dealing with certificates (well, besides Dave Gibney)?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN