Created 12-02-2021 06:31 PM
Trying to enable SSL in NiFi using an enterprise issued certificate. Cannot use self-signed cert. In client browser getting ERR_CERT_AUTHORITY_INVALID. Used NiFi toolkit to create keystore and truststore. Can get to NiFi UI in browser on server using localhost but not from other servers. If I set web.https.host to DNS name then I don't get ERR_CERT_AUTHORITY_INVALID from outside browser but instead get timeout.
Created 12-03-2021 05:39 AM
@dontiffjr
The exception in your browser ERR_CERT_AUTHORITY_INVALID typically means that the trust chain for your NiFi's serverAuth certificate is not trusted by your browser. You should see an option in the browser to "proceed to ...". If you click on that, can you get to the NiFi UI?
You can also use the openssl command to inspect the server hello coming from your NiFi and obtain the public cert for your NiFi server's certificate. You can load those public certificates into your browser trust.
openssl s_client -connect <nifi-hostname>:<nifi-port> -showcerts
Next thing to look at would be the contents of your certificate.
<path to java>/bin/keytool -v -list -keystore <path to>/keystore.jks
You'll want to make sure it contains:
1. A DN that does not contain wildcards
2. ExtendedKeyUsage (EKU) with both clientAuth and serverAuth
3. SubjectAlternativeName (SAN) with entry that matches the hostname of the server on which it is being used.
4. Verify issue and expiration dates for the certificate, and that the server clock and your local client machine where you are using the browser have the same date and time.
If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.
Thank you,
Matt
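The four-point checklist from the answer above, automated as an added Go example (this is not code from the thread, from NiFi or from the NiFi toolkit). It builds a constructed self-signed certificate in memory so that it runs offline; the hostnames `nifi01.example.internal` and `*.other.internal`, the organization "Example Org" and all function names are assumptions. Against a real node you would instead decode the PEM printed by the `openssl s_client -showcerts` command above and hand the DER bytes to `x509.ParseCertificate`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Finding is one item of the checklist. OK == false is the kind of defect that
// makes a browser reject the certificate NiFi presents.
type Finding struct {
	Check string
	OK    bool
	Note  string
}

// checkNiFiCert applies the four checks to a parsed certificate, for the hostname
// under which the NiFi node is reached and the clock time to test against.
func checkNiFiCert(cert *x509.Certificate, hostname string, now time.Time) []Finding {
	var out []Finding

	// 1. The DN must not contain a wildcard.
	dn := cert.Subject.String()
	out = append(out, Finding{"DN has no wildcard", !strings.Contains(dn, "*"), dn})

	// 2. EKU must carry both serverAuth and clientAuth.
	hasServer, hasClient := false, false
	for _, eku := range cert.ExtKeyUsage {
		switch eku {
		case x509.ExtKeyUsageServerAuth:
			hasServer = true
		case x509.ExtKeyUsageClientAuth:
			hasClient = true
		}
	}
	out = append(out, Finding{"EKU has serverAuth and clientAuth", hasServer && hasClient,
		fmt.Sprintf("serverAuth=%v clientAuth=%v", hasServer, hasClient)})

	// 3. A SAN entry must match the hostname. VerifyHostname only consults SANs,
	// as current browsers do, so a CN-only certificate fails here.
	err := cert.VerifyHostname(hostname)
	out = append(out, Finding{"SAN matches " + hostname, err == nil,
		fmt.Sprintf("SANs=%v err=%v", cert.DNSNames, err)})

	// 4. The validity window must contain "now" on the checking machine.
	valid := !now.Before(cert.NotBefore) && !now.After(cert.NotAfter)
	out = append(out, Finding{"Certificate valid at " + now.Format(time.RFC3339), valid,
		fmt.Sprintf("NotBefore=%s NotAfter=%s",
			cert.NotBefore.Format(time.RFC3339), cert.NotAfter.Format(time.RFC3339))})
	return out
}

// makeTestCert builds a constructed self-signed certificate in memory so the
// checker can run offline (constructed data, not a real NiFi certificate).
func makeTestCert(cn string, sans []string, ekus []x509.ExtKeyUsage, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn, Organization: []string{"Example Org"}},
		DNSNames:     sans,
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  ekus,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// goodExampleCert: hypothetical host with a matching SAN, both EKUs, valid now.
func goodExampleCert(now time.Time) (*x509.Certificate, error) {
	return makeTestCert("nifi01.example.internal", []string{"nifi01.example.internal"},
		[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		now.Add(-time.Hour), now.Add(365*24*time.Hour))
}

// badExampleCert: wildcard CN, serverAuth only, no SAN, already expired.
func badExampleCert(now time.Time) (*x509.Certificate, error) {
	return makeTestCert("*.other.internal", nil,
		[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		now.Add(-48*time.Hour), now.Add(-24*time.Hour))
}

func main() {
	now := time.Now()
	for _, mk := range []func(time.Time) (*x509.Certificate, error){goodExampleCert, badExampleCert} {
		cert, err := mk(now)
		if err != nil {
			panic(err)
		}
		for _, f := range checkNiFiCert(cert, "nifi01.example.internal", now) {
			fmt.Printf("[%5v] %s (%s)\n", f.OK, f.Check, f.Note)
		}
	}
}
```

Running it prints four passing findings for the good certificate and four failing ones for the bad one. The third check is the one behind the "works on localhost, fails from other servers" symptom: `VerifyHostname` ignores the CN entirely, so a certificate whose only identity is in the DN fails the moment the UI is reached by its DNS name rather than `localhost`.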
Created 12-03-2021 05:54 AM