@jai1gupta  What makes you think your NiFi is not secured over https? You did not share your nifi.properties web  properties. If you have set the following properties:   nifi.web.https.host=<hostname> nifi.web.https.port=<port>   and have configured the NiFi keystore and truststore properties (which you did share), the your NiFi would have started at logged url being available over HTTPS://<hostname>:<port>/nifi My guess is your issue probably extends from the use of "localhost" instead of an actual resolvable hostname. If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

@jai1gupta  Yes NiFi out-of-the-box in the latest releases is secured to run over HTTPS. However, that out of the box default setup is very basic (non production setup) to allow users to work within a secured NiFi.  Its default setup utilizes the Single-User-Provider authentication login provider (configured in login-identity-providers.xml) and single-user-authorizer configured in the authorizers.xml.  This out-of the-box provider does not support multi-user capability.  For multi-user production ready deployments with ability to define very granular access controls, you'll need to use a different authentication provider (Most commonly used is probably the ldap-provider) and different authorize (most commonly used is the  StandardManagedAuthorizer configured to use the file-user-group-provider and file-access-policy-provider).  NiFi does not offer any built in multi-user provider that allows you to create local to NiFi users with passwords. keeping above in mind, you are trying to use the OpenID authentication method.  This still means you must be using a different Authorizer.  The single-user-authorizer can only be used with the Single-user-provider.  More detail around your setup, OpenID exceptions, etc is needed to help here.  If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

@jai1gupta For Browsers like Chrome that are integrated with Apple Mac Keychain access, you will want to convert that p12 in to a cer and then import the cer. openssl pkcs12 -in CN=admin_OU=lending.p12 -clcerts -nokeys -out CN=admin_OU=lending.cer Then try importing the cer file that above output in to keychain access. If you have Firefox installed on your Apple Mac, then you could launch Firefox ---> preferences --> Privacy & Security (scroll down to "Security" section) --> click "View Certificates" -->  select "Your Certificates" --> then click "Import" (select your p.12 file). If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more