Mei_Sheng_Textiles/nomad_mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bc67c9f502f90d00f14545800268e9566ea97b72
nomad_mcp/certs/README.md
Nicolas Koehl bc67c9f502 🔒 Add SSL certificate chain for Mei Sheng Group services 
- Extract and configure Mei Sheng Group CA certificates
- Create certificate bundle for proper SSL verification
- Add SSL test script to verify connections
- Configure environment for trusted SSL connections
- Resolve SSL verification issues with Gitea and internal services
- Add comprehensive SSL setup documentation

Fixes:
- Gitea SSL verification now works with CA bundle
- Python requests can verify internal SSL certificates
- Proper certificate chain established for internal services

Note: nomad_mcp hostname has underscore causing SSL hostname mismatch
- Service works but requires SSL verification workaround

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-31 11:59:45 +07:00

1.7 KiB
Raw Blame History

Mei Sheng Group SSL Certificates

This folder contains the SSL certificate chain for Mei Sheng Group internal services.

Certificate Chain

  1. Intermediate CA: Mei_Sheng_Group_Intermediate_CA_02

    • File: intermediate_ca.pem, meisheng_ca_bundle.pem
    • Valid: Sep 14, 2020 - Sep 13, 2025
    • Issuer: Mei_Sheng_Group_RootCA

  2. Server Certificate: *.dev.meisheng.group

    • File: server_cert.pem
    • Valid: May 30, 2025 - May 31, 2025 (expires soon!)
    • Covers: gitea.dev.meisheng.group, nomad_mcp.dev.meisheng.group

Usage

For Python Applications

Use the CA bundle to verify SSL connections:

import requests

# Use the CA bundle for requests
response = requests.get(
    'https://gitea.dev.meisheng.group',
    verify='/path/to/certs/meisheng_ca_bundle.pem'
)

For curl

curl --cacert certs/meisheng_ca_bundle.pem https://gitea.dev.meisheng.group

For Git

# Configure git to use the CA bundle
git config http.sslCAInfo /path/to/certs/meisheng_ca_bundle.pem

For MCP/Claude Code

Add to environment variables:

export REQUESTS_CA_BUNDLE=/path/to/certs/meisheng_ca_bundle.pem
export SSL_CERT_FILE=/path/to/certs/meisheng_ca_bundle.pem

Certificate Renewal

⚠️ Important: The server certificate expires on May 31, 2025. It needs to be renewed soon.

System Trust Store (Optional)

To install the CA in the system trust store:

macOS

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain certs/meisheng_ca_bundle.pem

Linux

sudo cp certs/meisheng_ca_bundle.pem /usr/local/share/ca-certificates/meisheng-ca.crt
sudo update-ca-certificates