From 53bee3340f1f98281f563c2849bd2a762f462fc7 Mon Sep 17 00:00:00 2001 From: Nicolas Koehl Date: Sat, 31 May 2025 12:02:28 +0700 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20Update=20SSL=20documentation=20w?= =?UTF-8?q?ith=20auto-renewal=20information?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Document 24-hour automatic certificate renewal - Clarify that CA chain is stable and trustworthy long-term - Update security considerations with SSL trust setup - Provide clear guidance for long-term certificate trust 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- MCP_INTEGRATION.md | 17 +++++++++++++++++ certs/README.md | 10 +++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/MCP_INTEGRATION.md b/MCP_INTEGRATION.md index 0ea0a80..aeaab9a 100644 --- a/MCP_INTEGRATION.md +++ b/MCP_INTEGRATION.md @@ -271,6 +271,23 @@ When deploying MCP servers on the network: 5. **Rate limiting** to prevent abuse 6. **Audit logging** for all MCP operations +### SSL Certificate Trust + +For Mei Sheng Group internal services: + +1. **Use the provided CA bundle** in `/certs/meisheng_ca_bundle.pem` +2. **Automatic certificate renewal** - Server certificates renew every 24 hours +3. **Stable CA chain** - The certificate authority chain can be trusted long-term +4. **Environment configuration** - Source `.env.ssl` for proper SSL verification + +```bash +# Configure SSL trust for development +source .env.ssl + +# Test SSL connections +uv run python certs/test_ssl.py +``` + ### Recommended Network Architecture ``` diff --git a/certs/README.md b/certs/README.md index 29cf808..11b0e87 100644 --- a/certs/README.md +++ b/certs/README.md @@ -2,6 +2,8 @@ This folder contains the SSL certificate chain for Mei Sheng Group internal services. +🔄 **Auto-Renewal**: Server certificates are automatically renewed every 24 hours, but the CA chain remains stable and trustworthy for long-term use. + ## Certificate Chain 1. **Intermediate CA**: `Mei_Sheng_Group_Intermediate_CA_02` @@ -54,7 +56,13 @@ export SSL_CERT_FILE=/path/to/certs/meisheng_ca_bundle.pem ## Certificate Renewal -⚠️ **Important**: The server certificate expires on May 31, 2025. It needs to be renewed soon. +✅ **Automatic Renewal**: Server certificates are automatically renewed every 24 hours by the Mei Sheng Group certificate management system. + +📋 **Certificate Details**: +- **CA Chain**: Stable and can be trusted long-term +- **Server Certificates**: Auto-renewed daily (expires every ~24h) +- **Intermediate CA**: Valid until Sep 13, 2025 +- **Root CA**: Managed by Mei Sheng Group PKI infrastructure ## System Trust Store (Optional)