# Mei Sheng Group SSL Certificates

This folder contains the SSL certificate chain for Mei Sheng Group internal services.

## Certificate Chain

1. **Intermediate CA**: `Mei_Sheng_Group_Intermediate_CA_02`
   - File: `intermediate_ca.pem`, `meisheng_ca_bundle.pem`
   - Valid: Sep 14, 2020 - Sep 13, 2025
   - Issuer: Mei_Sheng_Group_RootCA

2. **Server Certificate**: `*.dev.meisheng.group`
   - File: `server_cert.pem`
   - Valid: May 30, 2025 - May 31, 2025 (expires soon!)
   - Covers: gitea.dev.meisheng.group, nomad_mcp.dev.meisheng.group

## Usage

### For Python Applications

Use the CA bundle to verify SSL connections:

```python
import requests

# Use the CA bundle for requests
response = requests.get(
    'https://gitea.dev.meisheng.group',
    verify='/path/to/certs/meisheng_ca_bundle.pem'
)
```

### For curl

```bash
curl --cacert certs/meisheng_ca_bundle.pem https://gitea.dev.meisheng.group
```

### For Git

```bash
# Configure git to use the CA bundle
git config http.sslCAInfo /path/to/certs/meisheng_ca_bundle.pem
```

### For MCP/Claude Code

Add to environment variables:

```bash
export REQUESTS_CA_BUNDLE=/path/to/certs/meisheng_ca_bundle.pem
export SSL_CERT_FILE=/path/to/certs/meisheng_ca_bundle.pem
```

## Certificate Renewal

⚠️ **Important**: The server certificate expires on May 31, 2025. It needs to be renewed soon.

## System Trust Store (Optional)

To install the CA in the system trust store:

### macOS
```bash
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain certs/meisheng_ca_bundle.pem
```

### Linux
```bash
sudo cp certs/meisheng_ca_bundle.pem /usr/local/share/ca-certificates/meisheng-ca.crt
sudo update-ca-certificates
```