Just letting you know that I got this working. Thank you for your help.
What I did was to exchange the two nifi-cert.pem files between the two nifi instances and import them in the opposing truststores.
At that point the RPG's status became "Forbidden".
I then looked at the nifi-users.log file on the target Nifi, and I could see that the there was a user with DN (CN=<Nifi Instance 1 IP>, OU=NIFI) that was trying to authenticate. So I added that user in the target nifi, added to the global S2S policy and the individual port policies and voila!