Hi,

A common mistake with tls-toolkit is generating the keystore and truststore for each node using a DIFFERENT NiFi CA Cert. If tls-toolkit standalone is executed against different output directories, it may produce a different NiFi CA in each directory.

Please check that both the s2s client and server truststores have the same NiFi CA Cert. To do so, use the keytool command:

    keytool -list -keystore truststore.jks

    nifi-cert, Feb 9, 2018, trustedCertEntry,
    Certificate fingerprint (SHA1): FE:0D:FE:0D:72:40:0A:7E:49:45:1B:78:D9:F5:F4:6E:A2:3C:92:E5

If that's not the case, then I'd recommend adding the -Djavax.net.debug=all Java option to debug further. You can add Java options from ${NIFI_HOME}/conf/bootstrap.conf.

https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html

Thanks,
Koji

On Fri, Feb 23, 2018 at 9:01 AM, yi <yuma.iwas...@austal.com> wrote:
> Apologies, I should clarify that I still do not have communication working
> site to site. Please assist. Thank you.
>
>
>
> --
> Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/
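
The truststore comparison described in the message above, as an added example that is not part of the original thread or of NiFi: it parses two `keytool -list` listings and compares the fingerprint stored under the `nifi-cert` alias. The function names are hypothetical, and the NODE_B listing and its fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the NiFi CA fingerprint in two `keytool -list` listings.

# Print the fingerprint recorded for alias $1 in the listing read from stdin.
alias_fingerprint() {
  awk -v want="$1" '
    # Entry header, e.g. "nifi-cert, Feb 9, 2018, trustedCertEntry,"
    /, (trustedCertEntry|PrivateKeyEntry),/ { split($0, f, ","); cur = f[1]; next }
    # Fingerprint line that belongs to the entry header seen last
    /^Certificate fingerprint/ && cur == want {
      sub(/^[^:]*: */, ""); print; exit
    }'
}

# Succeed only when both listings hold the same, non-empty fingerprint for
# the alias (default: nifi-cert, the alias shown in the message above).
same_ca() {
  fp_a=$(printf '%s\n' "$1" | alias_fingerprint "${3:-nifi-cert}")
  fp_b=$(printf '%s\n' "$2" | alias_fingerprint "${3:-nifi-cert}")
  [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Constructed listings, not real truststores. NODE_A carries the fingerprint
# quoted in the message; NODE_B stands for a truststore from a second
# tls-toolkit run and uses a made-up fingerprint.
NODE_A='Your keystore contains 1 entry

nifi-cert, Feb 9, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): FE:0D:FE:0D:72:40:0A:7E:49:45:1B:78:D9:F5:F4:6E:A2:3C:92:E5'
NODE_B='Your keystore contains 1 entry

nifi-cert, Feb 9, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33'

if same_ca "$NODE_A" "$NODE_B"; then
  echo "same NiFi CA in both truststores"
else
  echo "DIFFERENT NiFi CA in the two truststores"
fi
```

In practice each argument is the output of `keytool -list -keystore truststore.jks` captured on one node. Newer JDKs print a SHA-256 fingerprint instead of SHA1, so produce both listings with the same keytool version.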