https://community.cloudera.com/t5/Support-Questions/NiFi-Error-Despite-Successful-SSL-Handshake-using-openssl-s/m-p/289366#M214202 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/73987">@JC_ROS</a>&nbsp;<BR /><BR />With a secured NiFi all actions are authenticated and authorized.&nbsp; Thus mutual TLS authentication is required for NiFi things like:<BR /><BR />1. Node to Node communications (Older versions of NiFi had ability to set NeedClientAuth=false in the nifi.properties to make node to node comms 1-way TLS.&nbsp; Newer NiFi releases removed this property resulting in mutual TLS being required here.<BR />2. NiFi Remote Process Groups (RPG) - The S2S protocol used by the RPG required mutual TLS.&nbsp; The NiFI instance running the RPG is acting as a client and must present a clientAuth certificate.<BR />3. NiFi load balanced connections<BR /><BR />The above all utilize the NiFi node keystore and truststore.&nbsp;<BR /><BR />Hope this helps,</P><P>Matt</P> Fri, 07 Feb 2020 16:50:55 GMT MattWho 2020-02-07T16:50:55Z