Ignore self-signed certificate

[rnkhouse]

Connecting with graphql api with below code:

const endpoint = 'http://dev.api'
const graphQLClient = new GraphQLClient(endpoint, {
  headers: {
    authorization: 'xxxxx',
  },
})
const data = await graphQLClient.request(query)

ERROR

request to https://dev.api failed, reason: unable to get local issuer certificate

Server is using self-signed certificate. How can I ignore the warning and add an exception?

[remino]

+1

[maticzav]

Hey 👋,

Could you try using

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0

I have taken it from this StackOverflow thread.

Let me know if it solved your problem. 🙂

[remino]

I forgot to report back here, but indeed, since I was using a self-signed certificate, it was complaining. Setting that variable worked for me.

[maticzav]

@remino that's great! I will close the issue as it seems to be resolved now 🙂

[tovbinm]

Form the docs - https://nodejs.org/api/cli.html#cli_node_tls_reject_unauthorized_value

NODE_TLS_REJECT_UNAUTHORIZED=value#

If value equals '0', certificate validation is disabled for TLS connections. This makes TLS, and HTTPS by extension, insecure. The use of this environment variable is strongly discouraged.

Is there any other approach we can use?

[chrisjensen]

+1
We've just been stung by LetsEncrypt certificate issues on a particular platform. We're waiting for the hosting provider to fix this by updating the root certs that are installed, but in the mean time we'd like to find a work around that doesn't involve disabling TLS validation for all connections but just this specific host

[dedo1911]

@chrisjensen check this out to skip validation just for a request and not disable TLS validation for the whole application

import https from 'https'
import { GraphQLClient } from 'graphql-request'

const httpsAgent = new https.Agent({ rejectUnauthorized: false })
const client = new GraphQLClient(GRAPHQL_URI, { agent: httpsAgent })

[TomerElkayam-vue]

@chrisjensen check this out to skip validation just for a request and not disable TLS validation for the whole application

import https from 'https'
import { GraphQLClient } from 'graphql-request'

const httpsAgent = new https.Agent({ rejectUnauthorized: false })
const client = new GraphQLClient(GRAPHQL_URI, { agent: httpsAgent })

Is it working for you? because it doesn't have an agent option in new GraphQLClient constructor

[dedo1911]

@chrisjensen check this out to skip validation just for a request and not disable TLS validation for the whole application

import https from 'https'
import { GraphQLClient } from 'graphql-request'

const httpsAgent = new https.Agent({ rejectUnauthorized: false })
const client = new GraphQLClient(GRAPHQL_URI, { agent: httpsAgent })

Is it working for you? because it doesn't have an agent option in new GraphQLClient constructor

It’s working to me.

If you follow this.options here https://github.com/prisma-labs/graphql-request/blob/26711e741a3966f10e34b907ec9e76d214e88d1f/src/index.ts#L216
All other options that are not part of the constructor type are being destructured to fetchOptions, and passed to makeRequest https://github.com/prisma-labs/graphql-request/blob/26711e741a3966f10e34b907ec9e76d214e88d1f/src/index.ts#L233
And it’s ultimately being passed as-is to the fetch API here https://github.com/prisma-labs/graphql-request/blob/26711e741a3966f10e34b907ec9e76d214e88d1f/src/index.ts#L149 or here https://github.com/prisma-labs/graphql-request/blob/26711e741a3966f10e34b907ec9e76d214e88d1f/src/index.ts#L182

There’re a lot of other options which are undocumented on this library because are just part of the fetch api itself. Would rather be better specifying that’s possible to tweak them this way..

[dovidkopel]

The typescript signature does not seem to allow for an agent argument. I'm running 6.1.0. Am I missing something?

[wesleyscholl]

Hey 👋,

Could you try using

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0

I have taken it from this StackOverflow thread.

Let me know if it solved your problem. 🙂

This worked for me!