I have the same problem and the solucion is ridiculous easy. I set the secure docker nifi instance and I call the instance as nifi, I also set the secure docker nifi-registry and I call it as nifi-registry. I register the user in nifi-registry as "CN=nifi, OU=NIFI" (the devil is in the detail, be sure you use OU=NIFI and not OU=nifi or OU=Nifi). I discovery this using this logback.xml setting the level of logger from INFO to TRACE nifi <logger name="org.apache.nifi.registry" level="TRACE"/>  nifi-registry <logger name="org.apache.nifi" level="TRACE"/> After that I check in the docker log docker logs nifi-registry -f You there will find something like Authorizing proxy [identity[CN=nifi, OU=NIFI], groups[]] for write Also I suggest you read this post https://community.hortonworks.com/articles/171173/setting-up-a-secure-nifi-to-integrate-with-a-secur.html In the section "Localhost User Configuration in Registry", think you are not making the request from localhost but from nifi docker instance.   If this solves your problem, please accept this as answer so others running into it can find this solution. Thanks! ... View more

@louis_allen  You should avoid asking additional questions on an existing post that already has an accepted solution.  If the accepted solution does not resolve your issue that you may be having a different problem.   You would get better visibility and a help if you were to start a new question. That being said, if you are having a "javax.net.ssl.SSLHandshakeException", you issue is during client authentication and have not even the point of verifying client authorization.  So you need to take a closer look at the keystores and truststores you have setup on both your NiFi and NiFi-Registry to make sure that a mutual TLS handshake can be successfully negotiated. Feel free to ping me if you start a new community question. Hope this helps, Matt ... View more