@Shashwat Gaur The overall throughput of NiFi is not being limited in any way at the NiFi software level. In most cases throughput is limited by CPU, Disk I/O, Memory, and/or network performance. I would check if any of the above are saturated. It is important that installation best practices are followed to maximize your throughput. At a minimum having the following located on separate physical disks (disks should be setup as RAIDs to protect your data) will help: - Content repository(s) - FlowFile repository - Provenance repository(s) - NiFI logging directory. When it comes to controlling throughput in your dataflow, look for bottleneck in your dataflow and check that you have optimized your processor components for concurrent tasks and run schedules. If your CPU is not saturated, consider increasing the number of configured threads you are allowing NiFi to hand out to its processor components in the "controller settings" (found under hamburger menu in upper right corner of NiFi UI). Change the value for "Max Timer Driven Thread Count". Good starting place is 2 - 4 times number of cores on a single NiFi instance (all settings are per node in a cluster). There is also a setting for "Max Event Driven Thread Count" which should be left unchanged. These event driven threads are experimental and not used by any NiFi components by default. If you find a lot of Garbage Collection is going on or you are hitting OutOfMemory(heap) exceptions, you may need to increase your heap allocation in the nifi bootstrap.conf file. You may also need to make dataflow design changes to reduce the heap footprint of your flow. Thank you, Matt ... View more

@Jan This error is telling you the hostname in the URL header does not match the owner or any Subject Alternative Names (SAN) in the server certificate being presented by the target server. For example: You configure an RPG with a target NiFi URL of "https://nifiserver:9443/nifi". During the TLS handshake the server identifies itself based on the contents of its keystore as "nifiserver01.corp.com". The above error is thrown because it appears some other server is trying to pretend to be intended destination server "nifiserver". NiFi's Site-to-SIte (S2S) capability uses the keystore and truststore configured in the nifi.properties file of both NiFi instances (Client side running RPG and server side running input/output ports) for the TLS handshake. You will want to perform a verbose listing of the keystore file on your target Nifi and make sure the following are true: 1. The keystore contains only a single PrivateKeyEntry 2. The owner of that single PrivateKeyEntry has a CN value or a SAN entry that matches the hostname of that server. Then make sure that you are using either the owner CN or one of the SAN entries in the URL used in your client side RPG. Thanks, Matt ... View more

@Andrew Twigg Make sure that your keystore and certs meet the following: - The keystore file used on each server contains only a single PrivateKeyEntry. - The certificate in the keystore has an extended key usage that includes both client auth and server auth Thank you, Matt ... View more