Convert the certificate from PEM to PKCS12 using openssl openssl pkcs12 -export -out keystore.p12 -in mydomain.crt Provide a strong password when prompted I don't know if it's a version issue but I only got the first instruction working adding the " -inkey mydomain.key"   openssl pkcs12 -export -inkey mydomain.key -in mydomain.crt -out keystore.p12   The rest of the article is great. Thanks for the explanation     ... View more

Want to add some clarity to this last comment: ListenHTTP requires 2-way TLS when enabled if a SSLContextService has been configured with a truststore.  The truststore is used to trust the client certificate presented by the client, for the purpose of authentication, connecting to this secured ListenHTTP processor.     If only a keystore and no truststore is configured in the SSLContext service, the ListenHTTP will not require that clients present a client certificate. The server certificate from the keystore will be presented to the client so the client can verify that it trusts the server (NiFI listenHTTP jetty server) that it is connecting with. ... View more

Hi Alo,   We did the SSL on Nifi server with CA signed certificates but not Nifi CA. I now want to create once client certificate to authenticate to Nifi can you please help me outline the steps.   ... View more