nomad_mcp/certs/README.md
Nicolas Koehl bc67c9f502 🔒 Add SSL certificate chain for Mei Sheng Group services
- Extract and configure Mei Sheng Group CA certificates
- Create certificate bundle for proper SSL verification
- Add SSL test script to verify connections
- Configure environment for trusted SSL connections
- Resolve SSL verification issues with Gitea and internal services
- Add comprehensive SSL setup documentation

Fixes:
- Gitea SSL verification now works with CA bundle
- Python requests can verify internal SSL certificates
- Proper certificate chain established for internal services

Note: nomad_mcp hostname has underscore causing SSL hostname mismatch
- Service works but requires SSL verification workaround

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-31 11:59:45 +07:00


# Mei Sheng Group SSL Certificates
This folder contains the SSL certificate chain for Mei Sheng Group internal services.
## Certificate Chain
1. **Intermediate CA**: `Mei_Sheng_Group_Intermediate_CA_02`
   - File: `intermediate_ca.pem`, `meisheng_ca_bundle.pem`
   - Valid: Sep 14, 2020 - Sep 13, 2025
   - Issuer: Mei_Sheng_Group_RootCA
2. **Server Certificate**: `*.dev.meisheng.group`
   - File: `server_cert.pem`
   - Valid: May 30, 2025 - May 31, 2025 (expires soon!)
   - Covers: gitea.dev.meisheng.group, nomad_mcp.dev.meisheng.group
## Usage
### For Python Applications
Use the CA bundle to verify SSL connections:
```python
import requests
# Use the CA bundle for requests
response = requests.get(
    'https://gitea.dev.meisheng.group',
    verify='/path/to/certs/meisheng_ca_bundle.pem'
)
```
### For curl
```bash
curl --cacert certs/meisheng_ca_bundle.pem https://gitea.dev.meisheng.group
```
### For Git
```bash
# Configure git to use the CA bundle
git config http.sslCAInfo /path/to/certs/meisheng_ca_bundle.pem
```
### For MCP/Claude Code
Add to environment variables:
```bash
export REQUESTS_CA_BUNDLE=/path/to/certs/meisheng_ca_bundle.pem
export SSL_CERT_FILE=/path/to/certs/meisheng_ca_bundle.pem
```
## Certificate Renewal
⚠️ **Important**: The server certificate expires on May 31, 2025. It needs to be renewed soon.
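A renewal check for the certificates listed above, as an added example that is not part of this repository: it classifies a `notAfter` date against a warning window and can run a verified handshake that trusts only the CA bundle. The function names, the 14-day threshold, and the midnight-GMT time of day in the sample dates are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 14  # assumed alert threshold; the README does not define one


def days_left(not_after: str, now: datetime) -> int:
    """Whole days from `now` (UTC) until a getpeercert()-style notAfter string."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days


def classify(not_after: str, now: datetime, warn_days: int = WARN_DAYS) -> str:
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    return "RENEW" if remaining < warn_days else "OK"


def check_host(host: str, ca_bundle: str, port: int = 443) -> str:
    """Handshake with verification on, trusting only `ca_bundle`."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # Expired leaf, unknown issuer, or hostname mismatch all land here.
        return f"VERIFY_FAILED: {exc.verify_message}"
    return f"{classify(not_after, datetime.now(timezone.utc))} (notAfter={not_after})"


if __name__ == "__main__":
    # Constructed inputs: dates from the README, midnight GMT assumed.
    now = datetime(2025, 5, 30, tzinfo=timezone.utc)
    for name, not_after in [
        ("*.dev.meisheng.group", "May 31 00:00:00 2025 GMT"),
        ("Mei_Sheng_Group_Intermediate_CA_02", "Sep 13 00:00:00 2025 GMT"),
    ]:
        print(name, classify(not_after, now), days_left(not_after, now))
    # Live check (needs network access to the internal host):
    # print(check_host("gitea.dev.meisheng.group", "certs/meisheng_ca_bundle.pem"))
```

Because the handshake keeps verification enabled, an already expired certificate or a hostname mismatch is reported as `VERIFY_FAILED` with the verifier's reason instead of being silently accepted.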
## System Trust Store (Optional)
To install the CA in the system trust store:
### macOS
```bash
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain certs/meisheng_ca_bundle.pem
```
### Linux
```bash
sudo cp certs/meisheng_ca_bundle.pem /usr/local/share/ca-certificates/meisheng-ca.crt
sudo update-ca-certificates
```