Marking a certificate untrusted

If a certificate has been registered in the RACF® database, but you do not want it to be used by clients, you can mark it as UNTRUSTED using the RACDCERT command. To do this, first issue:

   RACDCERT ID(userid) LIST
to find the label associated with the certificate you wish to change, and then issue:
   RACDCERT ID (userid) ALTER(LABEL(label)) NOTRUST 
to mark the certificate as untrusted. Clients are then prevented from establishing CLIENTAUTH connections with this certificate.