09-08-2023 11:52 AM
@Ashwani This could be a proxy configuration issue, could be a SAN issue, or something else. I'd suggest enabling developer tools in your browser and observing the network transactions when you attempt to access your NiFi.

There is no correlation between your current setup and the fact that it worked when using the Single User authentication. Single User utilizes a local username and password to authenticate your user. When you have the single user provider configured for authentication and then try to access NiFi, NiFi will "WANT" a client certificate. If the client does not provide a trusted clientAuth certificate in that TLS exchange, NiFi will try the next configured user authentication method. In that setup that would be the single user provider. I am not sure of the complete setup you have in place now, but if TLS is the only method configured for user authentication, NiFi will "Require" that a trusted clientAuth certificate is presented. If a trusted certificate cannot be provided, NiFi simply closes the connection. It is the responsibility of the proxy to facilitate the passing of the clientAuth certificate to the NiFi.

I see from your shared images numerous IP addresses. The screenshot from your browser shows a 3.x.x.x address, the configured proxy.host is an 18.x.x.x address, and your NiFi node is a 172.x.x.x address. What is this 3.x.x.x address for? I suggest adding the address you use in your browser as a SAN entry as well. The shared certificates all look correct except for possibly needing that additional 3.x.x.x address as a SAN entry.

Have you tried using openssl to observe the TLS exchange (serverHello) response when you try to initiate a connection to the NiFi?

openssl s_client -connect <ipaddress or hostname>:<port> -showcerts

I'd expect in the serverHello a list of trusted authorities (localhost from your NiFi truststore). If you are not getting that but some other list, your proxy is trying to negotiate a TLS exchange instead of proxying the exchange with the NiFi endpoint, maybe. It is also possible your proxy is not passing the clientAuth certificate to your NiFi, or the proxy is trying to establish its own TLS handshake with NiFi for which the mutual TLS handshake is not successful.

And just for completeness, you did load your client certificate into your browser?

Hope this helps you with your journey. If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt
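The reply above suggests capturing the `openssl s_client -showcerts` output and checking whether the server advertises the expected trusted authority (the `localhost` entry from the NiFi truststore) in its CertificateRequest. The following script is an added example, not code from the original post or from the NiFi project: it parses that s_client text (the "subject=" line, the "Acceptable client certificate CA names" block, and the "Verify return code" line), and turns it into a short finding that distinguishes "NiFi's truststore is being advertised" from "whatever answered did not ask for a client certificate at all", which is the symptom of a proxy terminating TLS itself. The two sample outputs embedded below are constructed for illustration, as are the hostnames and the `expected_ca_cn` parameter; real s_client output also includes PEM blocks and cipher details that the parser simply skips.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines that end the "Acceptable client certificate CA names" block in
# s_client output (OpenSSL prints one of these right after the DN list).
_CA_LIST_TERMINATORS = (
    "---",
    "Client Certificate Types",
    "Requested Signature Algorithms",
    "Shared Requested Signature Algorithms",
    "Peer signing digest",
    "Peer signature type",
)


@dataclass
class HandshakeSummary:
    subject: Optional[str] = None            # server certificate subject
    issuer: Optional[str] = None             # server certificate issuer
    ca_names_sent: bool = False              # did the peer advertise client CA names?
    acceptable_cas: List[str] = field(default_factory=list)  # DNs it advertised
    verify_code: Optional[int] = None        # "Verify return code: N (...)"
    verify_text: Optional[str] = None


def parse_s_client(output: str) -> HandshakeSummary:
    """Pull the fields a mutual-TLS triage needs out of s_client text."""
    summary = HandshakeSummary()
    lines = output.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("subject=") and summary.subject is None:
            summary.subject = line[len("subject="):].strip()
        elif line.startswith("issuer=") and summary.issuer is None:
            summary.issuer = line[len("issuer="):].strip()
        elif line == "Acceptable client certificate CA names":
            summary.ca_names_sent = True
            i += 1
            # Collect DN lines until the next section heading.
            while i < len(lines):
                ca = lines[i].strip()
                if not ca or ca.startswith(_CA_LIST_TERMINATORS):
                    break
                summary.acceptable_cas.append(ca)
                i += 1
            continue  # i already points at the terminator line
        elif line == "No client certificate CA names sent":
            summary.ca_names_sent = False
        else:
            m = re.match(r"Verify return code:\s*(\d+)\s*\((.*)\)", line)
            if m:
                summary.verify_code = int(m.group(1))
                summary.verify_text = m.group(2)
        i += 1
    return summary


def diagnose(summary: HandshakeSummary, expected_ca_cn: str = "localhost") -> str:
    """Short finding code. expected_ca_cn is the CN you expect the NiFi
    truststore to advertise (hypothetical parameter, "localhost" per the reply)."""
    if not summary.ca_names_sent:
        # Nothing asked for a client certificate with a CA list: you are most
        # likely talking to the proxy's own TLS endpoint, not to NiFi.
        return "no-ca-names"
    if not any(expected_ca_cn in ca for ca in summary.acceptable_cas):
        # Something requested a client cert, but not with NiFi's truststore.
        return "unexpected-ca-list"
    return "nifi-truststore-advertised"


# Constructed sample: a direct connection to a NiFi node whose truststore
# holds a self-signed "localhost" certificate. Not real captured output.
DIRECT_TO_NIFI = """\
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=18:self-signed certificate
verify return:1
---
Certificate chain
 0 s:CN = localhost
   i:CN = localhost
---
Server certificate
subject=CN = localhost
issuer=CN = localhost
---
Acceptable client certificate CA names
CN = localhost
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256
---
SSL handshake has read 1532 bytes and written 421 bytes
Verification error: self-signed certificate
---
    Verify return code: 18 (self-signed certificate)
---
"""

# Constructed sample: a proxy answering with its own certificate and never
# requesting a client certificate. Hostnames are made up.
PROXY_TERMINATES_TLS = """\
CONNECTED(00000003)
depth=0 CN = proxy.example.test
verify error:num=20:unable to get local issuer certificate
verify return:1
---
Certificate chain
 0 s:CN = proxy.example.test
   i:CN = Example Proxy CA
---
Server certificate
subject=CN = proxy.example.test
issuer=CN = Example Proxy CA
---
No client certificate CA names sent
---
SSL handshake has read 1200 bytes and written 400 bytes
---
    Verify return code: 20 (unable to get local issuer certificate)
---
"""

if __name__ == "__main__":
    for name, sample in (("direct", DIRECT_TO_NIFI), ("via proxy", PROXY_TERMINATES_TLS)):
        s = parse_s_client(sample)
        print(f"{name}: subject={s.subject!r} cas={s.acceptable_cas} "
              f"verify={s.verify_code} -> {diagnose(s)}")
```

Run it against a saved capture with `parse_s_client(open("s_client.txt").read())`; the verify return code is reported separately because a self-signed NiFi certificate will always produce code 18 on a direct connection, which is expected here and not the problem being chased.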