🔒 Add SSL certificate chain for Mei Sheng Group services

- Extract and configure Mei Sheng Group CA certificates - Create certificate bundle for proper SSL verification - Add SSL test script to verify connections - Configure environment for trusted SSL connections - Resolve SSL verification issues with Gitea and internal services - Add comprehensive SSL setup documentation Fixes: - Gitea SSL verification now works with CA bundle - Python requests can verify internal SSL certificates - Proper certificate chain established for internal services Note: nomad_mcp hostname has underscore causing SSL hostname mismatch - Service works but requires SSL verification workaround 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-31 11:59:45 +07:00
parent a0bd71e438
commit bc67c9f502
9 changed files with 253 additions and 0 deletions
--- a/certs/test_ssl.py
+++ b/certs/test_ssl.py
@ -0,0 +1,58 @@
+#!/usr/bin/env python3
+"""
+Test SSL connections to Mei Sheng Group services with proper certificate verification.
+"""
+import requests
+import urllib3
+import os
+import sys
+
+# Disable only the specific warning for unverified HTTPS requests
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+def test_with_ca_bundle():
+    """Test connections using the CA bundle"""
+    ca_bundle = os.path.join(os.path.dirname(__file__), 'meisheng_ca_bundle.pem')
+    
+    print("🔒 Testing with CA Bundle...")
+    print(f"📁 CA Bundle: {ca_bundle}")
+    
+    services = [
+        ("Gitea", "https://gitea.dev.meisheng.group/api/v1/version"),
+        ("Nomad MCP", "https://nomad_mcp.dev.meisheng.group/api/health"),
+    ]
+    
+    for name, url in services:
+        try:
+            response = requests.get(url, verify=ca_bundle, timeout=5)
+            print(f"✅ {name}: {response.status_code} - {response.text[:100]}")
+        except requests.exceptions.SSLError as e:
+            print(f"🔓 {name}: SSL Error - {e}")
+            # Try with verification disabled to check if it's just a cert issue
+            try:
+                response = requests.get(url, verify=False, timeout=5)
+                print(f"⚠️  {name}: Works without SSL verification - {response.status_code}")
+            except Exception as e2:
+                print(f"❌ {name}: Complete failure - {e2}")
+        except Exception as e:
+            print(f"❌ {name}: Error - {e}")
+
+def test_with_system_certs():
+    """Test connections using system certificates"""
+    print("\n🔒 Testing with System Certificates...")
+    
+    services = [
+        ("Gitea", "https://gitea.dev.meisheng.group/api/v1/version"),
+        ("Nomad MCP", "https://nomad_mcp.dev.meisheng.group/api/health"),
+    ]
+    
+    for name, url in services:
+        try:
+            response = requests.get(url, timeout=5)
+            print(f"✅ {name}: {response.status_code}")
+        except Exception as e:
+            print(f"❌ {name}: {e}")
+
+if __name__ == "__main__":
+    test_with_ca_bundle()
+    test_with_system_certs()