z/OS Security Server RACF Security Administrator's Guide


One-to-one certificate to user ID association

SA23-2289-00

Whenever you generate a certificate using the RACDCERT GENCERT command, RACF® registers it to a user ID and adds it to the RACF database. You can also store a previously generated certificate and register it to a user ID using the RACDCERT ADD command. These methods establish a direct one-to-one association, or mapping, between each certificate and one specific user ID. You can create direct mappings for each of your users by adding individual certificates for each user to the RACF database. However, the administrative cost of this approach might be feasible only when you handle a limited number of certificates.

Registered certificates are stored in certificate profiles. These profiles contain an exact copy of the certificate and, for user IDs on this system, the private key, if it exists. Certificates stored in this way can be used simply to associate a certificate with a user ID, or they can be gathered into a collection, or key ring, for use by other applications as part of a secure network protocol. For details, see "Using the RACDCERT command to administer certificates" and "RACF and key rings".
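
The two registration methods described above, run as a batch TSO job. This is an added example, not taken from the IBM guide: the job card, the user IDs USERA and USERB, the labels, the distinguished name, the expiry date and the data set name SECADM.USERB.CERT are all constructed placeholders.

```jcl
//CERTMAP  JOB (ACCT),'CERT TO USERID',CLASS=A,MSGCLASS=X
//* Constructed example: job card values, user IDs, labels and the
//* data set name are placeholders. Adjust to site standards.
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  /* Method 1: generate a certificate and register it to USERA.   */
  /* With no SIGNWITH operand the certificate is self-signed.     */
  RACDCERT ID(USERA) GENCERT -
    SUBJECTSDN(CN('User A') O('Example Org') C('US')) -
    WITHLABEL('USERA CERT') -
    SIZE(2048) -
    NOTAFTER(DATE(2026-12-31))

  /* Method 2: register a previously generated certificate,       */
  /* held in a data set, to USERB.                                */
  RACDCERT ID(USERB) ADD('SECADM.USERB.CERT') -
    WITHLABEL('USERB CERT') TRUST

  /* Verify each one-to-one mapping: owner, label, trust status   */
  /* and whether a private key is stored with the profile.        */
  RACDCERT ID(USERA) LIST(LABEL('USERA CERT'))
  RACDCERT ID(USERB) LIST(LABEL('USERB CERT'))

  /* Needed only if the DIGTCERT class is RACLISTed, so that the  */
  /* new certificate profiles take effect.                        */
  SETROPTS RACLIST(DIGTCERT) REFRESH
/*
```

Reviewing the LIST output after each registration is a practical check that the certificate landed under the intended user ID and that TRUST status and private key presence match what you expect.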





Copyright IBM Corporation 1990, 2014