Comment 4 for bug 1621647

Mike Pontillo (mpontillo) wrote :

I can see why this could be considered a bug in MAAS, but the workaround of adding the certificate to your system as trusted is the correct thing to do. The fact that we connected and *sent a password* using "https" in MAAS 1.9 is the actual bug. It's not "https" if it doesn't validate the certificate.

It's just annoying because in many MAAS environments, customers are using "https" servers provided by device vendors, in cases where the customer doesn't actually care about security, and clicks "connect anyway" every time on a self-signed certificate or similar. (In that case, you might as well connect via http and send your password in cleartext, because someone could easily launch a man-in-the-middle attack against an unverified connection.)
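The point in the comment above, that a TLS connection which skips certificate validation gives no protection against a man-in-the-middle and that the right fix is to trust the device's certificate explicitly, can be seen end to end in a small demo. The following is an added example, not code from MAAS or from this bug thread: it mints a throwaway self-signed certificate with the `openssl` command-line tool (assumed to be installed), serves it from a local TLS listener that stands in for a vendor device, and sends a dummy password three ways: with validation switched off (the MAAS 1.9 behaviour described above), with the default Python client context that trusts only the system CA store, and with that same strict context plus the device certificate added as trusted. The host name `localhost`, the password `hunter2` and the mode names are illustrative choices.

```python
"""Why "https" without certificate validation is not https: a self-contained demo.

Added illustration, not code from MAAS or from the bug thread. It spins up a
local TLS server with a throwaway self-signed certificate (standing in for a
vendor device's certificate) and sends a "password" to it three ways:

  unverified - validation switched off (the MAAS 1.9 behaviour described above)
  system     - the default client context, trusting only the system CA store
  trusted    - the default context plus the device's certificate (the workaround)

Assumes the `openssl` command-line tool is installed to mint the certificate.
"""
import os
import shutil
import socket
import ssl
import subprocess
import tempfile
import threading

OPENSSL = shutil.which("openssl")  # None if the tool is unavailable
HOSTNAME = "localhost"             # name the throwaway certificate is issued for


def make_self_signed_cert(directory):
    """Create cert.pem/key.pem for HOSTNAME with openssl; return their paths."""
    cert = os.path.join(directory, "cert.pem")
    key = os.path.join(directory, "key.pem")
    subprocess.run(
        [OPENSSL, "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-keyout", key, "-out", cert, "-subj", f"/CN={HOSTNAME}",
         # hostname checking in modern Python requires a SAN, not just a CN
         "-addext", f"subjectAltName=DNS:{HOSTNAME}"],
        check=True, capture_output=True)
    return cert, key


def start_tls_server(cert, key):
    """Serve on 127.0.0.1 and echo what the client sends. Return (port, stop_event)."""
    srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv_ctx.load_cert_chain(cert, key)
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    listener.settimeout(0.2)  # lets the accept loop notice the stop flag
    port = listener.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = listener.accept()
            except socket.timeout:
                continue
            conn.settimeout(5)
            try:
                with srv_ctx.wrap_socket(conn, server_side=True) as tls:
                    secret = tls.recv(1024)  # what a MITM would have harvested
                    tls.sendall(b"got " + secret)
            except (ssl.SSLError, OSError):
                pass  # client rejected our certificate and tore down the handshake
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop


def client_context(mode, cert=None):
    """Build the client-side SSLContext for one of the three policies."""
    if mode == "unverified":
        # "https" in name only: no chain validation, no hostname check.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    if mode == "system":
        # System CA store, CERT_REQUIRED and hostname checking.
        return ssl.create_default_context()
    if mode == "trusted":
        # Same strict settings, but the device's certificate is trusted explicitly.
        return ssl.create_default_context(cafile=cert)
    raise ValueError(f"unknown mode {mode!r}")


def send_password(port, ctx, hostname=HOSTNAME):
    """Send a dummy password over TLS; return the reply, or the verification error's name."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                tls.sendall(b"hunter2")
                return tls.recv(1024).decode()
    except ssl.SSLCertVerificationError as exc:
        return type(exc).__name__


def run_demo():
    """Return {mode: outcome} for the three client policies against the local server."""
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_self_signed_cert(tmp)
        port, stop = start_tls_server(cert, key)
        try:
            return {mode: send_password(port, client_context(mode, cert))
                    for mode in ("unverified", "system", "trusted")}
        finally:
            stop.set()


if __name__ == "__main__":
    for mode, outcome in run_demo().items():
        print(f"{mode:10s} -> {outcome}")
```

The `unverified` client hands the password to whoever answers the socket, exactly as it would to an interposed attacker; the `system` client refuses the self-signed certificate; the `trusted` client accepts this one certificate while keeping the hostname check, so a different certificate presented for the same name (the man-in-the-middle case) would still be rejected. Loading the certificate with `cafile=` is the per-application equivalent of adding it to the system trust store, which the comment above recommends.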