@ThierryOfNantes  Welcome to the Cloudera community. I suspect your issue is with your run.as user.  While the nifi.sh may have executable to all, does your run.as user have necessary permissions to traverse the entire directory tree to the nifi.sh script? I suggest trying to navigate the directory tree as the run as user and starting nifii.sh manually as that user.    Can you share your /etc/rc.d/init.d/nifi script? Can you share your /install_directory/nifi/bin/nifi.sh script?   Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

@mansmaan  I'm afraid there is not enough information shared yet to know exactly why you are experiencing a connection refused or connection reset issue from your NiFi node.  I was able to use InvokeHTTP with no issue to successfully get a response from the URL you provided.  I was able to view the weather data that was returned in json format. Have you tried to reach wttr.in directly from command line on the NiFi server? This sound like an environmental issue and not a NiFi invokeHTTP issue.    Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

@pnac03  A MutualTLS connection is established between NiFi and NiFi-Registry.  This means trust is established in both directions. You shared only the output from an openssl command connection to your NiFi-Registry. In that output we see that you NiFi-Registry reports the following: Acceptable client certificate CA names CN = 3SCDemo-CA, OU = 3SCDemo CN = nifi-registry, OU = 3SCDemo This tells us that your NiFi-Registry will only accept clientAuth certificates signed by the authorities listed in above output. Also from that same openssl command output we can see the following details of your NiFi-Registry's serverAuth certificate: Certificate chain 0 s:CN = nifi-registry, OU = 3SCDemo i:CN = 3SCDemo-CA, OU = 3SCDemo a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 13 18:35:02 2025 GMT; NotAfter: Sep 13 18:35:02 2026 GMT Here we can see that your NiFi-Registry certificate has been signed/Issued by the CA "CN=3SCDemo-CA, OU=3SCDemo". What you have not shared yet is details from the other side of this mutualTLS connection. If you ran the same openssl command pointing at your NiFi node it would show us some of the TLS connection details.  You would want to look at the same NiFi's certificate chain and the NiFi's acceptable client certificate CA Names form that output.  The CA names list must include the following to be able to trust the NiFi-Registry's serverAuth certificate: CN = 3SCDemo-CA, OU = 3SCDemo Then you want to look at the NiFi's certificate chain and make sure that all root and intermediate CAs in the trust chain exist in your NiFi-Registry's truststore.   Currently your NiFi-Registry only trusts its own certificate and the one above CA.    Also keep in mind the following: If you have a NiFi cluster setup, every node in the Nifi cluster must be able to establish a mutualTLS connection with your NiFi-Registry and not just the node URL you are currently connected to for UI access. If you do not have the following setting set to "TRUE" in the nifi.properties file, any changes made to the keystore and truststore are not loaded into NiFi until a NiFi restart:  "nifi.security.autoreload.enabled".  the default setting is FALSE.  Reference: Security Configuration   Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt   ... View more

@muahmmed  We would need to know what is being logged in the nifi-registry-app.log during startup. Thank you, Matt ... View more

@Kiranq  If your CPU load average is low relative to the number of cores you have on your Server running NiFi, you could increase the Max timer thread pool.  A typical starting point is 2 to 4 times the number of cores. Also suggest running diagnostics (./nifi.sh diagnostics) and inspecting that output. Also check if you have any processors configured with a higher concurrent tasks value. Thanks, Matt ... View more

@Rashad_K  What does NiFI provenance show for the duplicate inserts? Do you see the same NiFi FlowFile (by FlowFile UUID) being successfully inserted? Does the issue persist if your change the run duration from 25ms to 0ms? Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

@nifirequest  This appears to be a duplicate to the following community question: https://community.cloudera.com/t5/Support-Questions/How-we-ignore-hostname-verification-certificate-for-minifi/td-p/412577 Did the response in that thread not help you? Thank you, Matt ... View more