Sorry to post my question here; I am not finding a way out.
I have configured SSL with CA-signed certs on the server. By CA-signed I mean an actual CA and not the NiFi CA.
I am using NiFi on a single machine without Ambari.
Now I want a client to authenticate and use NiFi. How do I create the client cert so that it authenticates to the CA-signed cert on the server?
ListenHTTP requires 2-way SSL when enabled. So the client will also need a keystore and truststore. The truststore on both your client and server will need to contain the trusted cert entry for each other's client cert. If you used the same CA for both then you should be good. If not, you will need to add the CA or trusted key entry (public key from each private key entry) to each other's truststores.
Want to add some clarity to this last comment:
ListenHTTP requires 2-way TLS when enabled if an SSLContextService has been configured with a truststore. The truststore is used to trust the client certificate presented by the client, for the purpose of authentication, connecting to this secured ListenHTTP processor.
If only a keystore and no truststore is configured in the SSLContext service, the ListenHTTP will not require that clients present a client certificate.
The server certificate from the keystore will be presented to the client so the client can verify that it trusts the server (NiFi ListenHTTP Jetty server) that it is connecting with.
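
The client-certificate flow discussed in this thread, as an added example that is not from any of the posters or from the NiFi project: a client key and CSR are created, signed by a CA, packaged as a PKCS12 keystore, and then checked against a truststore holding the same CA and one holding a different CA. The throwaway `lab-ca` stands in for the real CA (with a real CA you would submit the CSR instead of signing it yourself); all names, the password and the paths are assumptions.

```bash
#!/usr/bin/env bash
# Constructed lab PKI: every name, subject, password and path here is made up.
set -euo pipefail
WORK="$(mktemp -d)"

# Minimal req config so the lab CA gets CA:TRUE regardless of the system openssl.cnf
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_ca <name>: self-signed CA standing in for whichever CA a truststore holds
make_ca() {
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_client <ca> <cn>: client key and CSR, certificate signed by <ca>, PKCS12 keystore
issue_client() {
  local ca="$1" cn="$2"
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$WORK/$cn.key" -out "$WORK/$cn.csr" 2>/dev/null
  printf 'extendedKeyUsage=clientAuth\n' > "$WORK/$cn.ext"
  openssl x509 -req -in "$WORK/$cn.csr" -CA "$WORK/$ca.pem" -CAkey "$WORK/$ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/$cn.ext" -out "$WORK/$cn.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$WORK/$cn.key" -in "$WORK/$cn.pem" \
    -certfile "$WORK/$ca.pem" -name "$cn" -passout pass:changeit -out "$WORK/$cn.p12"
}

# trusted_by <ca> <cn>: chain check a truststore containing only <ca> would apply
trusted_by() {
  openssl verify -purpose sslclient -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca lab-ca
make_ca other-ca
issue_client lab-ca nifi-client
trusted_by lab-ca nifi-client && echo "truststore with lab-ca: client cert accepted"
trusted_by other-ca nifi-client || echo "truststore with other-ca: client cert rejected"
```

The rejected case is what a client sees when its certificate was issued by a CA that is missing from the server's truststore.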