Using Safari with the Juju GUI

The Juju GUI uses secure web sockets to communicate with the Juju controller. To secure that channel we use a self-signed certificate. Most browsers allow the user to easily accept the certificate and all is well.

With Safari it is possible but a little more involved. The certificate must be accepted and placed into the Keychain. The steps to follow are below:

  1. Access the Juju GUI site.
  2. The site will start to load but then Safari will display the following alert: Screen Shot 2016-02-12 at 10.53.49.png
  3. If you simply press Continue you’ll proceed to the GUI but the web socket will not work. Press Show Certificate instead.
  4. A certificate dialog box will be shown. Open the Trust section.Screen Shot 2016-02-12 at 10.55.36.png
  5. Change the first drop down to Always Trust which will be cascaded down to the other drop downs.Screen Shot 2016-02-12 at 10.55.45.png
  6. Pressing Continue will lead to a dialog box asking for your OS X password. After entering it, the certificate will be permanently added to the Certificates section shown by the Keychain Access utility.  It’ll have a name like your-jujugui-1455269898.local which you can later delete if you wish.

Note that the self-signed certificates are created for each instance of the Juju GUI. Unfortunately this means you’ll need to repeat this process for each instance of the GUI you wish to use.

If at step 2 you press Continue, Safari will not be able to connect to the secure web socket and it will not present you with the certificate dialog again. To recover you must do the following:

  1. Open Preferences in Safari and go to the Privacy tab.
  2. Click the Details button and search for the site address.
  3. Select the entry and click Remove.
  4. Quit and restart Safari.
  5. Revisit the Juju GUI site.

Credits

Massimiliano Marcon’s post at his blog.