I have the same problem and the solucion is ridiculous easy. I set the secure docker nifi instance and I call the instance as nifi, I also set the secure docker nifi-registry and I call it as nifi-registry. I register the user in nifi-registry as "CN=nifi, OU=NIFI" (the devil is in the detail, be sure you use OU=NIFI and not OU=nifi or OU=Nifi). I discovery this using this logback.xml setting the level of logger from INFO to TRACE nifi <logger name="org.apache.nifi.registry" level="TRACE"/>  nifi-registry <logger name="org.apache.nifi" level="TRACE"/> After that I check in the docker log docker logs nifi-registry -f You there will find something like Authorizing proxy [identity[CN=nifi, OU=NIFI], groups[]] for write Also I suggest you read this post https://community.hortonworks.com/articles/171173/setting-up-a-secure-nifi-to-integrate-with-a-secur.html In the section "Localhost User Configuration in Registry", think you are not making the request from localhost but from nifi docker instance.   If this solves your problem, please accept this as answer so others running into it can find this solution. Thanks! ... View more

Hello. I have try to find information about how to generate new certificates that support ClientAuth and ServerAuth and I did not find something about it. Could You explain me how to do it? Thanks.   "You are going to need to generate new certificates for all your NIFi nodes that support both ClientAuth and ServerAuth." ... View more