Rest API behind https with self signed certificate

We have an api of one of our vendors which has a self signed SSL certificate for the staging environment.

Now, if I run the query against it I get request to https://hostname/path failed, reason: self signed certificate.

We use the cloud version of retool.

Is there any way to circumvent this? I searched the docs and I only found docs about self hosted version, or connection types such as mongodb or database, but not plain https REST.

Hi @hansaplast!

Ah, great question. This is not possible on Cloud, unfortunately. You can only connect to APIs + SSL on On-Premise deployments of Retool.

Cloud forces secure connections for all https requests, and can't verify individually-provided layers. On-Premise users can add extra CA Certs to verify the SSL for a given API.

Hi @victoria ,

I was running into an issue which may be related to this. I'm using an on-prem instance and attempting to connect to a graphql resource that uses a self-signed cert. The Retool admin UI is reporting, "unable to get local issuer certificate." Is there a recommendation for how to get around this issue? If this were a Node service, I'd use an environment variable like "NODE_TLS_REJECT_UNAUTHORIZED=0." Can I do something similar with Retool to get it to bypass self-signed cert warnings?

Hi @anoop.gantayat! Do you see the option to "Allow self-signed certificates”?

Curious if you're running into something like this:

Hi @victoria ... I didn't see the "allow self signed certificates" option. However, I ended up doing two things:

  1. Followed this guide: Certs: Custom internal CA
  2. Added NODE_TLS_REJECT_UNAUTHORIZED=0 to docker.env

I don't know which of these worked, but the problem went away and I'm now able to make GQL calls and assemble the UI.

Oh, awesome! Thank you for updating this thread with what worked for you, and I'm glad you were able to start building in Retool. Please do let us know if you run into any other blockers! :blush: