I have installed and configured NiFi 2.0 with TLS. My nifi 2.0 instance appears to start without errors, judging by the contents of nifi-app.log.
When I try to access my nifi instance through its https setting in nifi.properties, I get this error in my browser:

    This site can’t provide a secure connection
    ec2-44-219-227-80.compute-1.amazonaws.com didn’t accept your login certificate, or one may not have been provided.
    Try contacting the system admin.
    ERR_BAD_SSL_CLIENT_AUTH_CERT

Normally I would expect to be prompted to select admin's login cert from the list of trusted certs. But I am not getting prompted - it just throws the error.

I had employed tinycert.org to generate my cacert.pem, my server cert and private key, and a client cert and private key for my admin user.

This is how I brought the server private key and cert into my keystore:

    openssl pkcs12 -export -out keystore.p12 -inkey ec2-44-219-227-80-key.pem -in ec2-44-219-227-80.pem -certfile cacert.pem

This is how I imported my cacert into the nifi truststore with java keytool:

    keytool -import -alias "CACert" -file cacert.pem -keystore truststore.jks -storepass <truststore password>

This is how I converted my client cert and key, which I then added to my browser cert store:

    openssl pkcs12 -export -out admin.p12 -inkey admin-key.pem -in admin.pem -certfile cacert.pem

I have configured the cacert in my nifi truststore.jks. I have the server cert and private key in my keystore.p12. (I had read that jks for one and p12 for the other is not an issue). I have installed the cert and private key for user admin in my Chrome browser. I also installed the cacert.pem CA in my browser trusted root store.

Here are my keystore, truststore, and https params in nifi.properties:

    nifi.web.https.host=ec2-44-219-227-80.compute-1.amazonaws.com
    nifi.web.https.port=8443
    ...
    nifi.security.keystore=/opt/nifi/config_resources/keys/keystore.p12
    nifi.security.keystoreType=PKCS12
    nifi.security.keystorePasswd=<.....>
    nifi.security.keyPasswd=<.....>
    nifi.security.truststore=/opt/nifi/config_resources/keys/truststore.jks
    nifi.security.truststoreType=JKS
    nifi.security.truststorePasswd=<truststore pwd>

My authorizers.xml file is configured like this:

    <?xml version='1.0' encoding='UTF-8'?>
    <authorizers>
      <!-- -->
      <!-- <userGroupProvider/> -->
      <!-- -->
      <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">/opt/nifi/config_resources/users.xml</property>
        <property name="Initial User Identity 1">CN=admin, OU=NIFI</property>
      </userGroupProvider>
      <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
        <property name="Authorizations File">/opt/nifi/config_resources/authorizations.xml</property>
      </accessPolicyProvider>
      <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
      </authorizer>
    </authorizers>

My Security Group on my ec2 instance has a rule to permit 8443 for my IP address.

What have I overlooked? Thanks in advance for any help.
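
An added diagnostic example, not part of the original post: browsers generally offer only client certificates issued by a CA that the server names in its TLS CertificateRequest, so one check for a missing certificate prompt is to compare the CA names the server advertises with the issuer of the client certificate. The script parses `openssl s_client` output for that list; the sample output, the DN values and the function names are constructed for illustration, and OpenSSL 1.1.1+ DN formatting is assumed.

```shell
# Added example: is the client cert's issuer among the CA names the server advertises?
# Assumes OpenSSL 1.1.1+ DN formatting ("O = Org, CN = Name").

# Constructed s_client output (hypothetical names) so the script runs offline.
sample_s_client() {
cat <<'EOF'
CONNECTED(00000003)
---
Acceptable client certificate CA names
O = Example Org, CN = Example Org CA
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: RSA-PSS+SHA256:ECDSA+SHA256
---
EOF
}

# Normalise a DN as printed by OpenSSL: drop "issuer=", spaces around "=" and after ",".
norm_dn() {
  sed -e 's/^issuer=//' -e 's/ *= */=/g' -e 's/, */,/g'
}

# stdin: s_client output. stdout: CA names from the server's CertificateRequest.
advertised_cas() {
  awk '
    /^Acceptable client certificate CA names/ { on = 1; next }
    /^---/ || /^Client Certificate Types:/ || /Requested Signature Algorithms:/ { on = 0 }
    on { print }
  ' | norm_dn
}

# stdin: s_client output; $1: output of `openssl x509 -noout -issuer` for the client cert.
# Prints one of: listed | not-listed | no-ca-list (server sent no CA names).
diagnose() {
  out=$(cat)
  want=$(printf '%s\n' "$1" | norm_dn)
  if printf '%s\n' "$out" | grep -q '^No client certificate CA names sent'; then
    echo no-ca-list
  elif printf '%s\n' "$out" | advertised_cas | grep -Fxq -- "$want"; then
    echo listed
  else
    echo not-listed
  fi
}

# Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:8443 </dev/null 2>/dev/null |
#     diagnose "$(openssl x509 -in admin.pem -noout -issuer)"
sample_s_client | diagnose "issuer=O = Example Org, CN = Example Org CA"
```

A `not-listed` result points at the truststore contents or the client certificate's issuing chain rather than at the authorizer configuration.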