04-04-2024
04:23 AM
1 Kudo
Good Morning -- any takers on helping answer this question? I would be super appreciative.
01-31-2024
12:21 PM
1 Kudo
Never mind!!! Problem solved -- setting up the mTLS stuff on NiFi was extremely hard for me. The hardest thing, I think, is just making sure that all of the certs are properly set up and configured. I finally got that done.

Key takeaways for me (hopefully making it more simple than the documentation):

1. Because NiFi 2.0.x is now using Java 21 and Jetty 10, it's super persnickety about security, etc. The key issue here is that if you are having 'Invalid SNI' issues (Server Name Indication), it is more likely than not because you don't have your SAN (Subject Alternate Name) set up correctly in your certificates. Bottom line here is that version 2.0.x doesn't allow for IP addresses anymore if you are going to secure the instance. They have to be hostnames.
2. Since you are required to get the hostname issue correct, it could get very complicated. In my case, I was already running a DNS server, so it made it a lot easier, but if you don't have a DNS server, you either need to mod your /etc/hosts file (if you are running NiFi from a local machine), or introduce a DNS server into the mix, or something similar...
3. If you want to have a secured version of NiFi running, and if you want to use it in SINGLE USER mode, that appears to still work ONLY if you access it from the local machine running NiFi, wherein you can use `https://localhost:portnumber/nifi`.
4. However, if you want to use NiFi in mTLS mode (or LDAP, etc.), then you appear to lose the capability of accessing NiFi via `localhost`. So you have to do something to resolve the DNS/hostname issues. AND critically, your SAN information in your certificates needs to match the hostname, or it won't work properly.
5. Do not make the mistake of thinking you can generate certs without SAN information. This just doesn't seem to work at all in version 2.0.x.

I'm hopeful that this is helpful to someone else. Thanks.
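The takeaways in the post above (hostnames rather than IP addresses, and a SAN that matches the hostname) can be written as a pre-flight check on the URL you plan to use. This is an added example, not part of the original post and not NiFi's or Jetty's own code; the hostnames, port and certificate dictionaries are constructed, use the format returned by Python's `ssl.SSLSocket.getpeercert()`, and the wildcard rule is standard TLS hostname matching assumed here rather than confirmed for NiFi.

```python
import ipaddress
from urllib.parse import urlsplit


def is_ip_literal(host):
    """True if host is an IPv4/IPv6 literal rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, host):
    """Case-insensitive match; '*' may stand in for the whole left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def check_nifi_url(url, cert):
    """Return a list of problems; an empty list means the SAN covers the URL host."""
    host = urlsplit(url).hostname or ""
    sans = cert.get("subjectAltName", ())
    dns_names = [value for kind, value in sans if kind == "DNS"]
    problems = []
    if not sans:
        problems.append("certificate has no subjectAltName extension")
    if is_ip_literal(host):
        problems.append(f"{host} is an IP address; browse to a hostname instead")
    elif not any(dns_name_matches(name, host) for name in dns_names):
        problems.append(f"{host} is not covered by SAN DNS names {dns_names}")
    return problems


# Constructed sample certificates (not taken from a real deployment).
GOOD_CERT = {"subject": ((("commonName", "nifi-node1"),),),
             "subjectAltName": (("DNS", "nifi-node1.example.internal"),)}
NO_SAN_CERT = {"subject": ((("commonName", "nifi-node1.example.internal"),),)}

if __name__ == "__main__":
    for url, cert in [
        ("https://nifi-node1.example.internal:8443/nifi", GOOD_CERT),
        ("https://10.0.0.5:8443/nifi", GOOD_CERT),
        ("https://nifi-node1.example.internal:8443/nifi", NO_SAN_CERT),
    ]:
        print(url, "->", check_nifi_url(url, cert) or "OK")
```

The third case shows why a matching CN alone is not enough: the check looks only at SAN entries, so a certificate without them fails even when the CN equals the hostname.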
01-04-2024
07:26 AM
@arutkwccu The Apache NiFi 2.0.0-M1 release notes have now been updated with a list of NARs that have been moved to the Optional Build Profiles.

https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version2.0.0-M1

Thank you,
Matt
01-02-2024
08:20 AM
No, I never received a reply. I was able to solve the problem on my own, eventually.