The hostIdMappings certificate extension is used to communicate the user's host identity for one or more host systems. The extension contains a sequence of host name and user ID value pairs. (Each pair can also have an encrypted password, but this field is not used by RACF®.) When RACF is called to create an ACEE from a certificate containing a hostIdMappings extension, RACF examines the extension to determine the appropriate user ID for the ACEE. For more information how RACF uses this extension, see Using a hostIdMappings extension.

When you use hostIdMappings extensions, you need not create certificate profiles nor name filters prior to using certificates. However, as with all other extensions in a certificate, the hostIdMappings extension is created by the certificate's issuer at the time the certificate is generated. If you operate as your own certificate authority and you know the respective user IDs of your clients at the time their certificates are created, using hostIdMappings extensions is your lowest administrative cost option.

Restriction: PKI Services for z/OS® supports the creation of hostIdMappings extensions. However, other commercial certificate-authority software might not support them, so check with your software vendor.