Testing SSL/TLS

You can test an SSL/TLS connection by using the examples provided in this documentation.

To test that your SSL/TLS configuration works correctly, you can use self-signed certificates. Self-signed certificates are useful in test scenarios so that you can ensure SSL/TLS connectivity without paying a Certificate Authority (CA) for a certificate. See Creating test certificates for details.

You can find examples of self-signed certificates in the sample key-ring files, named sslSample.pfx and sslCAdefault.pfx, provided with MQIPT in the ssl subdirectory. To open either of these PKCS#12 key-ring files, you must use the password mqiptSample. These sample certificates are provided for your convenience during testing. However, the private keys of the sample certificates are known to all MQIPT users. This means that they are insecure and should be used only in a test environment.

You should not use any self-signed certificates in production environments, whether they are sample certificates or not. Instead, obtain a CA-signed certificate from a trusted CA. To create a CA-signed certificate, see Creating a key ring file.

When creating or requesting a certificate, you should consider which key type, key size and digital signature algorithm are appropriate for your security needs. See Digital certificate considerations for MQIPT for further information.

Certificates and certificate management technologies are available from a number of third-party suppliers.