@VijaySankar Unfortunately with the information you have shared, it is not possible for me to validate what the issue is here. I would need to output from the openssl commands i shared earlier to help. openssl s_client -connect <server hostname>:<server port> Also the verbose listing of both your keystore and truststore files would be needed: keytool -v -list -keystore keystore.jks
keytool -v -list -keystore nifi.com.jks The target server is what decides if connection is going to use mutual auth or not. The invokeHTTP is the client side of this connection and only provides what the server asks for in the server hello response. It is possible also in that server hello response that the server wants a client certificate; however, the list of CAs sent in that server hello response does not contain a CA capable of trusting your clientAuth PrivateKeyEntry in your nifi.com.jks. In that case client would not send the client certificate since server is incapable of trusting it. Matt
... View more
