@jfs912   The NiFi toolkit was removed with the NiFi 2.0 releases.  See below for more details on why that decision was made. https://lists.apache.org/thread/vn1nzobtz4fh7fs461sgg8jj9zygrk0f I am not well versed on cetic helm charts, so not going to be able to provide specific guidance there.  The bottom line is there is nothing special about toolkit generated certficates.  I see no reason why you coudl not use the ca from cetic as long as the certificates meet the NiFi requirements for EKUs, SANs, Wildcards.. A NiFi or NiFi-Registry keystore: - Must contain ONLY one PrivateKeyEntry. - PrivateKeyEntry DN must not use wildcards. - PrivateKeyEntry  Extended Key Usage (EKU) must support ClientAuth and ServerAuth - PrivateKeyEntry must contain one or more SAN entries. A SAN must match the hostname used by NiFi A NiFi or NiFi-Registry Keystore. (typically same truststore is used by both): - Must contain the complete trust chain for at clientAuth Certificate used to connect with NIFi.  This includes any intermediate and root CA in the trust chain.  Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt   ... View more

@jfs912 Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks. ... View more