Mei_Sheng_Textiles/nomad_mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc2fe4c4254742a9a6e5236e03d4899b744f7b7c
nomad_mcp/certs
History
Nicolas Koehl 53bee3340f 📝 Update SSL documentation with auto-renewal information 
- Document 24-hour automatic certificate renewal
- Clarify that CA chain is stable and trustworthy long-term
- Update security considerations with SSL trust setup
- Provide clear guidance for long-term certificate trust

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-31 12:02:28 +07:00
..
ca_chain.pem
🔒 Add SSL certificate chain for Mei Sheng Group services
2025-05-31 11:59:45 +07:00
full_chain_raw.pem
🔒 Add SSL certificate chain for Mei Sheng Group services
2025-05-31 11:59:45 +07:00
intermediate_ca.pem
🔒 Add SSL certificate chain for Mei Sheng Group services
2025-05-31 11:59:45 +07:00
meisheng_ca_bundle.pem
🔒 Add SSL certificate chain for Mei Sheng Group services
2025-05-31 11:59:45 +07:00
README.md
📝 Update SSL documentation with auto-renewal information
2025-05-31 12:02:28 +07:00
root_ca.pem
🔒 Add SSL certificate chain for Mei Sheng Group services
2025-05-31 11:59:45 +07:00
server_cert.pem
🔒 Add SSL certificate chain for Mei Sheng Group services
2025-05-31 11:59:45 +07:00
test_ssl.py
🔒 Add SSL certificate chain for Mei Sheng Group services
2025-05-31 11:59:45 +07:00

README.md

Mei Sheng Group SSL Certificates

This folder contains the SSL certificate chain for Mei Sheng Group internal services.

🔄 Auto-Renewal: Server certificates are automatically renewed every 24 hours, but the CA chain remains stable and trustworthy for long-term use.

Certificate Chain

  1. Intermediate CA: Mei_Sheng_Group_Intermediate_CA_02

    • File: intermediate_ca.pem, meisheng_ca_bundle.pem
    • Valid: Sep 14, 2020 - Sep 13, 2025
    • Issuer: Mei_Sheng_Group_RootCA

  2. Server Certificate: *.dev.meisheng.group

    • File: server_cert.pem
    • Valid: May 30, 2025 - May 31, 2025 (expires soon!)
    • Covers: gitea.dev.meisheng.group, nomad_mcp.dev.meisheng.group

Usage

For Python Applications

Use the CA bundle to verify SSL connections:

import requests

# Use the CA bundle for requests
response = requests.get(
    'https://gitea.dev.meisheng.group',
    verify='/path/to/certs/meisheng_ca_bundle.pem'
)

For curl

curl --cacert certs/meisheng_ca_bundle.pem https://gitea.dev.meisheng.group

For Git

# Configure git to use the CA bundle
git config http.sslCAInfo /path/to/certs/meisheng_ca_bundle.pem

For MCP/Claude Code

Add to environment variables:

export REQUESTS_CA_BUNDLE=/path/to/certs/meisheng_ca_bundle.pem
export SSL_CERT_FILE=/path/to/certs/meisheng_ca_bundle.pem

Certificate Renewal

Automatic Renewal: Server certificates are automatically renewed every 24 hours by the Mei Sheng Group certificate management system.

📋 Certificate Details:

  • CA Chain: Stable and can be trusted long-term
  • Server Certificates: Auto-renewed daily (expires every ~24h)
  • Intermediate CA: Valid until Sep 13, 2025
  • Root CA: Managed by Mei Sheng Group PKI infrastructure

System Trust Store (Optional)

To install the CA in the system trust store:

macOS

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain certs/meisheng_ca_bundle.pem

Linux

sudo cp certs/meisheng_ca_bundle.pem /usr/local/share/ca-certificates/meisheng-ca.crt
sudo update-ca-certificates