Making a certificate untrusted

If a certificate has been registered in the RACF® database, but you do not want it to be used by clients, you can mark it as UNTRUSTED using the RACDCERT command.

About this task

To make a certificate untrusted, follow these steps:

Procedure

  1. Enter the command RACDCERT ID(userid) LIST to find the label associated with the certificate.
  2. Enter the command RACDCERT ID(userid) ALTER(LABEL(label)) NOTRUST to mark the certificate as untrusted.
  3. If you amended the certificate while a running CICS region was using a key ring containing the certificate, issue the PERFORM SSL REBUILD command for the CICS region.
    The command rebuilds the SSL environment for the CICS region and refreshes the cache of certificates with the new information from the key ring.
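
The steps above run as a batch TSO job, with a final listing to confirm the change. This is an added example, not part of the original page; the user ID CICSUSR, the label 'Old Client Cert' and the JOB card values are placeholders to replace with your own.

```jcl
//NOTRUST  JOB (ACCT),'CERT NOTRUST',CLASS=A,MSGCLASS=X
//*
//* Added example: placeholders are CICSUSR (certificate owner),
//* 'Old Client Cert' (certificate label) and the JOB card values.
//*
//* Command 1: list all certificates for the user ID to find the label.
//* Command 2: mark the certificate as untrusted. The label is
//*            quoted because it contains blanks.
//* Command 3: list that one certificate again; its Status field
//*            should now read NOTRUST.
//*
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RACDCERT ID(CICSUSR) LIST
  RACDCERT ID(CICSUSR) ALTER(LABEL('Old Client Cert')) NOTRUST
  RACDCERT ID(CICSUSR) LIST(LABEL('Old Client Cert'))
/*
```

The job covers steps 1 and 2 only. Step 3, PERFORM SSL REBUILD, is still issued in the CICS region itself if that region was running with a key ring that contains the certificate.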

Results

Clients are prevented from establishing CLIENTAUTH connections with this certificate.