@MattWho  Thanks for the answers ! You're right in my nifi.properties : nifi.security.needClientAuth is set to false. My version of nifi is an old one (1.9.2). I will pay more attention during my next upgrade.   My nifi and my nifi-registry are both secured. I have only added the CN of my nifi app cert into authorizers.xml file (userGroupProvider and accessPolicyProvider). ... View more

@MattWho  Hi Matt,   For your third point : 3. PrivateKeyEntry supports clientAuth and serverAuth Extended Key Usage (EKU) -> do you mean needs both ? Can you give a situation where we need both attributes ? I have a nifi cluster with 3 servers for each and in each cert I only have one EKU (serverAuth) but my 3 servers can still communicate between them. Even nifi and nifi-registry can communicate too with only one attribute in EKU field.  ... View more