10-20-2025
05:58 AM
@pnac03 A MutualTLS connection is established between NiFi and NiFi-Registry. This means trust is established in both directions. You shared only the output from an openssl command connection to your NiFi-Registry. In that output we see that your NiFi-Registry reports the following:

    Acceptable client certificate CA names
    CN = 3SCDemo-CA, OU = 3SCDemo
    CN = nifi-registry, OU = 3SCDemo

This tells us that your NiFi-Registry will only accept clientAuth certificates signed by the authorities listed in the above output.

Also from that same openssl command output we can see the following details of your NiFi-Registry's serverAuth certificate:

    Certificate chain
     0 s:CN = nifi-registry, OU = 3SCDemo
       i:CN = 3SCDemo-CA, OU = 3SCDemo
       a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
       v:NotBefore: Sep 13 18:35:02 2025 GMT; NotAfter: Sep 13 18:35:02 2026 GMT

Here we can see that your NiFi-Registry certificate has been signed/issued by the CA "CN=3SCDemo-CA, OU=3SCDemo".

What you have not shared yet is details from the other side of this mutualTLS connection. If you ran the same openssl command pointing at your NiFi node it would show us some of the TLS connection details. You would want to look at the NiFi's certificate chain and the NiFi's acceptable client certificate CA names from that output. The CA names list must include the following to be able to trust the NiFi-Registry's serverAuth certificate:

    CN = 3SCDemo-CA, OU = 3SCDemo

Then you want to look at the NiFi's certificate chain and make sure that all root and intermediate CAs in the trust chain exist in your NiFi-Registry's truststore. Currently your NiFi-Registry only trusts its own certificate and the one above CA.

Also keep in mind the following:

- If you have a NiFi cluster setup, every node in the NiFi cluster must be able to establish a mutualTLS connection with your NiFi-Registry, and not just the node URL you are currently connected to for UI access.
- If you do not have the following setting set to "TRUE" in the nifi.properties file, any changes made to the keystore and truststore are not loaded into NiFi until a NiFi restart: "nifi.security.autoreload.enabled". The default setting is FALSE.

Reference: Security Configuration

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt
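The two-sided check described above, as an added example that is not part of the original post: it parses the `openssl s_client` output captured from each side (the chain issuers and the "Acceptable client certificate CA names" list) and reports which issuers the opposite side does not advertise as trusted. The registry sample reuses the values quoted in the post; the NiFi-side sample, including the "NiFi-Internal-CA" issuer, is constructed to show a trust gap.

```python
import re

# Constructed sample: the NiFi-Registry side, using the values quoted in the post.
REGISTRY_S_CLIENT = """\
Certificate chain
 0 s:CN = nifi-registry, OU = 3SCDemo
   i:CN = 3SCDemo-CA, OU = 3SCDemo
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep 13 18:35:02 2025 GMT; NotAfter: Sep 13 18:35:02 2026 GMT
---
Acceptable client certificate CA names
CN = 3SCDemo-CA, OU = 3SCDemo
CN = nifi-registry, OU = 3SCDemo
Client Certificate Types: RSA sign, ECDSA sign
"""

# Constructed sample: a hypothetical NiFi node whose certificate was issued by a
# CA that the registry's truststore does not contain (a typical handshake failure).
NIFI_S_CLIENT = """\
Certificate chain
 0 s:CN = nifi-node-1, OU = 3SCDemo
   i:CN = NiFi-Internal-CA, OU = 3SCDemo
---
Acceptable client certificate CA names
CN = 3SCDemo-CA, OU = 3SCDemo
CN = NiFi-Internal-CA, OU = 3SCDemo
Client Certificate Types: RSA sign, ECDSA sign
"""


def parse_s_client(output):
    """Return (issuers in the server's chain, CA names it accepts from clients)."""
    issuers = [i.strip() for i in re.findall(r"^\s*i:(.+)$", output, re.MULTILINE)]
    accept, in_block = [], False
    for line in output.splitlines():
        if line.startswith("Acceptable client certificate CA names"):
            in_block = True  # the block ends at the next non-DN line
        elif in_block and (not line.strip() or ":" in line or line.startswith("---")):
            break
        elif in_block:
            accept.append(line.strip())
    return issuers, accept


def mutual_trust_gaps(nifi_out, registry_out):
    """Issuers on each side's chain that the other side does not list as acceptable."""
    nifi_issuers, nifi_accepts = parse_s_client(nifi_out)
    reg_issuers, reg_accepts = parse_s_client(registry_out)
    return {
        "registry_missing": [ca for ca in nifi_issuers if ca not in reg_accepts],
        "nifi_missing": [ca for ca in reg_issuers if ca not in nifi_accepts],
    }
```

An empty list in both directions means every issuer in each chain is advertised by the opposite side's truststore; anything listed is a CA that still has to be imported (and, with autoreload disabled, followed by a restart).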