For applications using System SSL, such as z/OS® FTP, or other middleware programs that read RACF® key rings through the R_datalib callable service, a virtual key ring can be specified in place of a real key ring, whenever a real key ring is expected. To include virtual key rings, the application user specifies an asterisk (*) for the key ring name along with the ring owner's user ID using the form ring-owner/*. The ring owner user IDs for the certificates under CERTAUTH and SITE are in the form of *AUTH* and *SITE*.