Certificate-based Authentication for Client Connections
The API connection certificate authentication feature allows clients to connect to a Connect:Direct server by using only an SSL/TLS Certificate with a Common Name (CN) specified as a user name.
If the intended client usage does not include submitting a process, the user name does not have to be a real z/OS system user name and only needs to be defined in the Connect:Direct z/OS user authorization file. If a process is to be submitted, then user specified in the Common Name (CN) must be a real Z/OS system user or real z/OS system user id must be specified in the Security ID parameter of user authorization record with Common Name (CN) as user id. You can configure this feature using the user authorization file of a Connect:Direct node. The API certificate authentication requires no user password to be presented.