You can create a profile that associates a client certificate with a specified user ID. The profile can then be used for translating a certificate to a user ID, without the need for a password.
RACDCERT ADD('datasetname') TRUST [ ID(userid) ]
where: When you issue the RACDCERT command, RACF creates a profile in the DIGTCERT class. This profile associates the certificate with the user ID. You can then use the profile to translate a certificate to a user ID without giving a password.
For further information on the RACDCERT command, including the format of data allowed in the downloaded certificate data set, see z/OS® Security Server (RACF) Command Language Reference.