🔒 Add SSL certificate chain for Mei Sheng Group services

- Extract and configure Mei Sheng Group CA certificates - Create certificate bundle for proper SSL verification - Add SSL test script to verify connections - Configure environment for trusted SSL connections - Resolve SSL verification issues with Gitea and internal services - Add comprehensive SSL setup documentation Fixes: - Gitea SSL verification now works with CA bundle - Python requests can verify internal SSL certificates - Proper certificate chain established for internal services Note: nomad_mcp hostname has underscore causing SSL hostname mismatch - Service works but requires SSL verification workaround 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-31 11:59:45 +07:00
parent a0bd71e438
commit bc67c9f502
9 changed files with 253 additions and 0 deletions
--- a/.env.ssl
+++ b/.env.ssl
@ -0,0 +1,16 @@
+# SSL Certificate Configuration for Mei Sheng Group Services
+# Source this file to configure SSL verification for internal services
+
+# Certificate bundle path
+export SSL_CERT_FILE="$(pwd)/certs/meisheng_ca_bundle.pem"
+export REQUESTS_CA_BUNDLE="$(pwd)/certs/meisheng_ca_bundle.pem"
+export CURL_CA_BUNDLE="$(pwd)/certs/meisheng_ca_bundle.pem"
+
+# Python SSL configuration
+export PYTHONHTTPSVERIFY=1
+
+# Git configuration
+export GIT_SSL_CAINFO="$(pwd)/certs/meisheng_ca_bundle.pem"
+
+echo "✅ SSL certificates configured for Mei Sheng Group services"
+echo "📁 CA Bundle: $SSL_CERT_FILE"