Apollo Gateway local dev with self-signed certificates

Hello, I’ve followed the instructions to generate a supergraph.graphql file using rover. To do this locally I had to use the --insecure-accept-invalid-certs setting as my dev server has self signed certificates.

When it comes to creating the gateway using the supergraph.graphql file, I get the following error.

graphQLErrors: [
      message: 'request to https://mysite.localhost/graphql failed, reason: self signed certificate',
      extensions: [Object]

Is there a config option I can pass to ApolloGateway and/or ApolloServer’s constructor when doing local development to avoid the issue with self-signed certificates? I have already tried setting NODE_TLS_REJECT_UNAUTHORIZED=0 in my .env.local but it seems this is ignored.

const supergraphSdl = readFileSync('./supergraph.graphql').toString();

const gateway = new ApolloGateway({

const apolloServer = new ApolloServer({


Hi, I’m also having this exact same problem and am having trouble getting passed it. Did you learn anything new here?

Hello, I did not manage to make any progress on this issue and had to give up as I couldn’t get it to work.


I’m having the exact same problem, did you try any other alternative or anything else worked for you?



I’m running into the same problem, were you able to fix it?


Federation 2 uses ‘make-fetch-happen’ which is by default using strict SSL.
As workaround for local development you can create a custom datasource that sets the default options like that:

import { RemoteGraphQLDataSource } from '@apollo/gateway';
import * as fetcher from 'make-fetch-happen';
export class CustomDataSource extends RemoteGraphQLDataSource {
  constructor(config: any) {
      this.fetcher = fetcher.defaults({
        maxSockets: Infinity,
        strictSSL: false,
        retry: false,

About custom datasources read this: The graph router - Apollo GraphQL Docs

1 Like

Has there been any movement on this issue? I’m having the same issue locally

For anyone stumbling across this like I did, here’s the solution I found:

I’m not sure how much location matters on this, but I put the following line just before calling new ApolloServer

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = process.env.NODE_ENV === 'development' ? '0' : '';
const server = new ApolloServer({...stuff});
export default startServerAndCreateNextHandler(server);

For context, I’m running a Nextjs app, doing GQL through the Next API with Apollo server, and a separate .NET REST API running locally with a self signed cert. The startServerAndCreateNextHandler bit might not apply to you.

This isn’t an Apollo specific fix. It has to do with node.js and the https module.