nomad_mcp/certs/README.md
Nicolas Koehl 53bee3340f 📝 Update SSL documentation with auto-renewal information
- Document 24-hour automatic certificate renewal
- Clarify that CA chain is stable and trustworthy long-term
- Update security considerations with SSL trust setup
- Provide clear guidance for long-term certificate trust

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-31 12:02:28 +07:00


# Mei Sheng Group SSL Certificates
This folder contains the SSL certificate chain for Mei Sheng Group internal services.

🔄 **Auto-Renewal**: Server certificates are automatically renewed every 24 hours, but the CA chain remains stable and trustworthy for long-term use.
## Certificate Chain
1. **Intermediate CA**: `Mei_Sheng_Group_Intermediate_CA_02`
   - File: `intermediate_ca.pem`, `meisheng_ca_bundle.pem`
   - Valid: Sep 14, 2020 - Sep 13, 2025
   - Issuer: Mei_Sheng_Group_RootCA
2. **Server Certificate**: `*.dev.meisheng.group`
   - File: `server_cert.pem`
   - Valid: May 30, 2025 - May 31, 2025 (expires soon!)
   - Covers: gitea.dev.meisheng.group, nomad_mcp.dev.meisheng.group
## Usage
### For Python Applications
Use the CA bundle to verify SSL connections:
```python
import requests

# Use the CA bundle for requests
response = requests.get(
    'https://gitea.dev.meisheng.group',
    verify='/path/to/certs/meisheng_ca_bundle.pem'
)
```
### For curl
```bash
curl --cacert certs/meisheng_ca_bundle.pem https://gitea.dev.meisheng.group
```
### For Git
```bash
# Configure git to use the CA bundle
git config http.sslCAInfo /path/to/certs/meisheng_ca_bundle.pem
```
### For MCP/Claude Code
Add to environment variables:
```bash
export REQUESTS_CA_BUNDLE=/path/to/certs/meisheng_ca_bundle.pem
export SSL_CERT_FILE=/path/to/certs/meisheng_ca_bundle.pem
```
## Certificate Renewal
**Automatic Renewal**: Server certificates are automatically renewed every 24 hours by the Mei Sheng Group certificate management system.

📋 **Certificate Details**:
- **CA Chain**: Stable and can be trusted long-term
- **Server Certificates**: Auto-renewed daily (expires every ~24h)
- **Intermediate CA**: Valid until Sep 13, 2025
- **Root CA**: Managed by Mei Sheng Group PKI infrastructure
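
With server certificates living only about 24 hours, a stalled renewal shows up as an outage within a day, and the intermediate CA listed above has its own end date. The following check is an added example, not part of this repository: it classifies a certificate's validity window, using constructed samples whose dates come from this README. The clock times, the thresholds and the function names are assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

CA_BUNDLE = "/path/to/certs/meisheng_ca_bundle.pem"  # placeholder path from this README

# Constructed samples in getpeercert() format. Dates come from this README;
# the clock times are assumptions, since the README gives dates only.
SAMPLE_SERVER = {"notBefore": "May 30 05:00:00 2025 GMT",
                 "notAfter": "May 31 05:00:00 2025 GMT"}
SAMPLE_INTERMEDIATE = {"notBefore": "Sep 14 00:00:00 2020 GMT",
                       "notAfter": "Sep 13 23:59:59 2025 GMT"}


def _utc(cert_time):
    """Convert an OpenSSL-style time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def validity_status(cert, now, min_remaining):
    """Return (status, remaining) for a getpeercert()-style dict at time `now`."""
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    remaining = not_after - now
    if now < not_before:
        return "not-yet-valid", remaining
    if remaining <= timedelta(0):
        return "expired", remaining
    if remaining < min_remaining:
        return "expiring", remaining  # renewal has not replaced the certificate yet
    return "ok", remaining


def fetch_server_cert(host, port=443, cafile=CA_BUNDLE):
    """Handshake with verification pinned to the CA bundle; return the peer cert dict."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Thresholds are assumptions: 6 h for the daily server cert, 30 days for the CA.
    for name, cert, floor in (("server", SAMPLE_SERVER, timedelta(hours=6)),
                              ("intermediate", SAMPLE_INTERMEDIATE, timedelta(days=30))):
        print(name, *validity_status(cert, now, floor))
    # Live check: validity_status(fetch_server_cert("gitea.dev.meisheng.group"), now, ...)
```
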
## System Trust Store (Optional)
To install the CA in the system trust store:
### macOS
```bash
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain certs/meisheng_ca_bundle.pem
```
### Linux
```bash
sudo cp certs/meisheng_ca_bundle.pem /usr/local/share/ca-certificates/meisheng-ca.crt
sudo update-ca-certificates
```