You may receive the following error message:
"CSQX632I SSL certificate has no associated user ID"
MQ cannot find a user id from the certificate. The channel will run under the CHINIT user id (this may be a security exposure).
There are two solutions:
1) You should install the peer certificates. Extract the peer certificates and install them in the RACF database. The label must match z/OS requirements (that is, ibmWebSphereMQ<qmgr>, not ibmwebspheremq<qmgr>). The certificate must be in the queue manager’s key ring.
2) Create a RACF map. This JCL maps a certificate to a user id:
RACDCERT ID(EMIR) DELMAP (LABEL(‘MQMAP’))
RACDCERT ID(EMIR) MAP +
IDNFILTER(‘CN=MQCA.O=IBM.C=GB’) WITHLABEL(‘MQMAP’) TRUST
SETROPTS RACLIST(DIGTNMAP) REFRESH
RACDCERT ID(EMIR) LISTMAP (LABEL(‘MQMAP’))
More info here