Member since 11-09-2024
2 Posts
1 Kudos Received
0 Solutions

02-06-2025 05:30 AM
@Ghilani The Invalid SNI is caused by the server certificate presented in the TLS exchange not containing a SubjectAlternativeName (SAN) matching the hostname in the request URL. Valid SAN entries are required by the latest version of Java.

The solution is to issue new certificates for your NiFi instance(s) that contain all possible SANs used when connecting to the NiFi. So you should have a SAN entry for your NiFi hostname as well as any alternative names used in connection URLs like "nifi" coming from your proxy to NiFi.

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to log in and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt
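A check for the SAN coverage described in the answer above, as an added example that is not part of the original post: it parses the subjectAltName line in the text form OpenSSL prints and reports which connection hostnames no entry covers. The hostnames, addresses and URLs are constructed sample values, and the wildcard rule (one leftmost label only) is the usual RFC 6125 behaviour, assumed here rather than taken from the post.

```python
import ipaddress
from urllib.parse import urlsplit

def parse_san_line(line):
    """Split 'DNS:a, DNS:b, IP Address:1.2.3.4' into (dns_names, ip_addresses)."""
    dns, ips = [], []
    for item in line.split(","):
        kind, _, value = item.strip().partition(":")
        if kind == "DNS":
            dns.append(value.strip().lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value.strip()))
    return dns, ips

def dns_matches(pattern, host):
    """Exact match, or a leading '*.' that stands for exactly one label."""
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return False

def uncovered_hosts(san_line, urls):
    """Return the hosts from `urls` that no SAN entry in `san_line` covers."""
    dns, ips = parse_san_line(san_line)
    missing = []
    for url in urls:
        host = urlsplit(url).hostname or ""   # lowercased, port removed
        try:
            covered = ipaddress.ip_address(host) in ips
        except ValueError:                    # not an IP literal: compare as DNS name
            covered = any(dns_matches(p, host) for p in dns)
        if not covered:
            missing.append(host)
    return missing

# Constructed sample: SAN line as shown by
#   openssl x509 -in cert.pem -noout -ext subjectAltName
SAMPLE_SAN = "DNS:nifi01.example.internal, DNS:*.apps.example.internal, IP Address:10.0.0.15"
# Constructed sample: every URL a browser, proxy or client uses to reach NiFi
SAMPLE_URLS = [
    "https://nifi01.example.internal:8443/nifi",
    "https://nifi:8443/nifi",                  # short name used by a proxy
    "https://flow.apps.example.internal/nifi",
    "https://10.0.0.15:8443/nifi",
    "https://10.0.0.16:8443/nifi",
]

if __name__ == "__main__":
    for host in uncovered_hosts(SAMPLE_SAN, SAMPLE_URLS):
        print("no SAN entry covers:", host)
```

Any host it reports needs its own SAN entry in the reissued certificate.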
12-03-2024 02:39 AM
1 Kudo
It works fine @archie! Thanks! The following is my docker-compose code snippet:

```yaml
nifi-registry:
  image: apache/nifi-registry:1.23.2
  container_name: nifi-registry
  hostname: nifi-registry
  restart: "no"
  ports:
    - 18443:18443
  volumes:
    - ./nifi/certs/localhost:/opt/certs
  environment:
    TZ: America/Sao_Paulo
    NIFI_REGISTRY_WEB_HTTPS_PORT: 18443
    AUTH: oidc
    KEYSTORE_PATH: /opt/certs/keystore.jks
    KEYSTORE_TYPE: JKS
    KEYSTORE_PASSWORD: changeit
    TRUSTSTORE_PATH: /opt/certs/truststore.jks
    TRUSTSTORE_PASSWORD: changeit
    TRUSTSTORE_TYPE: JKS
    INITIAL_ADMIN_IDENTITY: test@test.com
    NIFI_REGISTRY_SECURITY_USER_OIDC_DISCOVERY_URL: http://<LOCAL_KEYCLOAK_IP>:8080/realms/TEST/.well-known/openid-configuration
    NIFI_REGISTRY_SECURITY_USER_OIDC_CONNECT_TIMEOUT: 10000
    NIFI_REGISTRY_SECURITY_USER_OIDC_READ_TIMEOUT: 10000
    NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_ID: nifi
    NIFI_REGISTRY_SECURITY_USER_OIDC_CLIENT_SECRET: <CLIENT_SECRET>
    NIFI_REGISTRY_SECURITY_USER_OIDC_PREFERRED_JWSALGORITHM: RS256
    NIFI_REGISTRY_SECURITY_USER_OIDC_ADDITIONAL_SCOPES: openid,email,profile
    NIFI_REGISTRY_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER: preferred_username
  networks:
    - test-net
```