diff --git a/conn_config_test.go.example b/conn_config_test.go.example
index 463c0841..096e1354 100644
--- a/conn_config_test.go.example
+++ b/conn_config_test.go.example
@@ -1,7 +1,14 @@
 package pgx_test
 
 import (
-  "github.com/jackc/pgx"
+	// "crypto/tls"
+	// "crypto/x509"
+	// "fmt"
+	// "go/build"
+	// "io/ioutil"
+	// "path"
+
+	"github.com/jackc/pgx"
 )
 
 var defaultConnConfig *pgx.ConnConfig = &pgx.ConnConfig{Host: "127.0.0.1", User: "pgx_md5", Password: "secret", Database: "pgx_test"}
@@ -22,7 +29,51 @@ var cratedbConnConfig *pgx.ConnConfig = nil
 // var md5ConnConfig *pgx.ConnConfig = &pgx.ConnConfig{Host: "127.0.0.1", User: "pgx_md5", Password: "secret", Database: "pgx_test"}
 // var plainPasswordConnConfig *pgx.ConnConfig = &pgx.ConnConfig{Host: "127.0.0.1", User: "pgx_pw", Password: "secret", Database: "pgx_test"}
 // var invalidUserConnConfig *pgx.ConnConfig = &pgx.ConnConfig{Host: "127.0.0.1", User: "invalid", Database: "pgx_test"}
-// var tlsConnConfig *pgx.ConnConfig = &pgx.ConnConfig{Host: "127.0.0.1", User: "pgx_md5", Password: "secret", Database: "pgx_test", TLSConfig: &tls.Config{InsecureSkipVerify: true}}
 // var customDialerConnConfig *pgx.ConnConfig = &pgx.ConnConfig{Host: "127.0.0.1", User: "pgx_md5", Password: "secret", Database: "pgx_test"}
 // var replicationConnConfig *pgx.ConnConfig = &pgx.ConnConfig{Host: "127.0.0.1", User: "pgx_replication", Password: "secret", Database: "pgx_test"}
 
+// var tlsConnConfig *pgx.ConnConfig = &pgx.ConnConfig{Host: "127.0.0.1", User: "pgx_md5", Password: "secret", Database: "pgx_test", TLSConfig: &tls.Config{InsecureSkipVerify: true}}
+//
+//// or to test client certs:
+//
+// var tlsConnConfig *pgx.ConnConfig
+//
+// func init() {
+// 	homeDir := build.Default.GOPATH
+// 	tlsConnConfig = &pgx.ConnConfig{
+// 		Host:     "127.0.0.1",
+// 		User:     "pgx_md5",
+// 		Password: "secret",
+// 		Database: "pgx_test",
+// 		TLSConfig: &tls.Config{
+// 			InsecureSkipVerify: true,
+// 		},
+// 	}
+// 	caCertPool := x509.NewCertPool()
+//
+// 	caPath := path.Join(homeDir, "/src/github.com/jackc/pgx/rootCA.pem")
+// 	caCert, err := ioutil.ReadFile(caPath)
+// 	if err != nil {
+// 		panic(fmt.Sprintf("unable to read CA file: %v", err))
+// 	}
+//
+// 	if !caCertPool.AppendCertsFromPEM(caCert) {
+// 		panic("unable to add CA to cert pool")
+// 	}
+//
+// 	tlsConnConfig.TLSConfig.RootCAs = caCertPool
+// 	tlsConnConfig.TLSConfig.ClientCAs = caCertPool
+//
+// 	sslCert := path.Join(homeDir, "/src/github.com/jackc/pgx/pg_md5.crt")
+// 	sslKey := path.Join(homeDir, "/src/github.com/jackc/pgx/pg_md5.key")
+// 	if (sslCert != "" && sslKey == "") || (sslCert == "" && sslKey != "") {
+// 		panic(`both "sslcert" and "sslkey" are required`)
+// 	}
+//
+// 	cert, err := tls.LoadX509KeyPair(sslCert, sslKey)
+// 	if err != nil {
+// 		panic(fmt.Sprintf("unable to read cert: %v", err))
+// 	}
+//
+// 	tlsConnConfig.TLSConfig.Certificates = []tls.Certificate{cert}
+// }