Now that you have both NiFi and NiFi-Registry secured they will use TLS to authenticate with one another. NiFi-Registry does not initiate any connections to NiFi. NiFi will always act as the client talking to NiFi-Registry.
1. All 3 of your NiFi nodes must exist as users in the NiFi-Registry. 2. Any users who will be version controlling NiFi process Groups will need to exist as users in NiFi-Registry. 3. Your NiFi nodes must be authorized in NiFi-Registry for "Can proxy user requests" and read for "can manage buckets". Found by clicking on settings in NiFi-Regsitry UI, then selecting Users tab, and clicking pencil to right of each of your NiFi nodes. 4. You users must create a bucket(s) in NiFi-Registry and authorize your NiFi user(s) for read, write, delete on the bucket. From same setting UI click buckets tab, click "add bucket" then using pencil to left of bucket authorize your user(s). 5. From the NiFi UI, click on the global menu (upper right corner) --> Controller Settings --> Registry Clients tab. Click the "+" icon to add a new NiFi-Registry client. Provide the HTTPS://<nifi-regsitry-hostname:port> as the URL and a name of your choosing.
Provide the keystores and truststores created for your NiFi and NiFi-Registry can support mutual authentication between these two services, you will be good to go. Otherwise check your nifi and nifi-registry app logs for any TLS handshake errors which would need to be resolved.