Testing SSL/TLS in MQIPT

Examples to help you to test an SSL/TLS connection.

See Getting started with IBM® MQ Internet Pass-Thru for a description of various scenarios. In particular, see the following tasks:

To test that your SSL/TLS configuration works correctly, you can use self-signed certificates. Self-signed certificates are useful in test scenarios so that you can test SSL/TLS connectivity without paying a certificate authority (CA) for a certificate. For more information, see Creating test certificates.

Do not use any self-signed certificates in production environments. Instead, obtain a CA-signed certificate from a trusted CA. To create a CA-signed certificate, see Creating a key ring file.

When you create or request a certificate, you must consider which key type, key size, and digital signature algorithm are appropriate for your security needs. For more information, see Digital certificate considerations for MQIPT.

Certificates and certificate management technologies are available from several third-party suppliers.

MQIPT sample key rings

The following sample PKCS #12 key ring files are provided with MQIPT in the samples/ssl subdirectory for your convenience during testing:

sslSample.pfx: A key ring that contains a sample self-signed certificate.
sslCASample.pfx: A sample CA certificate key ring.

To access these sample key ring files, use the password mqiptSample.

The sample self-signed certificate must be used only in a test environment as the private keys of the certificate is available to all MQIPT users.