JSS headless SSR proxy “unable to verify the first certificate”

When developing a new JSS solution I was looking to have a play locally in headless mode. Unfortunately I hit an issue after standing up a newly minted Sitecore 10 SXA/JSS instance in docker and using it as the apiHost running the node-headless-ssr-proxy sample app locally. After setting up the appropriate values for the proxy and ensuring the react app was in place, I was getting the following error for all SSR layout service requests.

[HPM] Proxy created: /  -> https://xp0cm.localhost
server listening on port 3001!
FetchError: request to https://xp0cm.localhost/sitecore/api/jss/dictionary/jss-sandbox/en?sc_apikey=%7BXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX%7D failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (C:\repos\sandbox\node-proxy\node_modules\node-fetch\lib\index.js:1444:11)
    at ClientRequest.emit (events.js:315:20)
    at TLSSocket.socketErrorListener (_http_client.js:426:9)
    at TLSSocket.emit (events.js:315:20)
    at emitErrorNT (internal/streams/destroy.js:92:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
    at processTicksAndRejections (internal/process/task_queues.js:84:21) {
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
Read More »