Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2927
@pepov Please provide the bash history (if possible) or list the steps you
took to generate those certificates which resulted in those errors. I will also
try to reproduce with a TinyCert certificate. It may be that the generated cert
(**intermediate CA**) doesn't have the key usage for *Certificate Signing* [see
[https://www.ibm.com/support/knowledgecenter/en/SSKTMJ_9.0.1/admin/conf_keyusageextensionsandextendedkeyusage_r.html](Key
Usage Extension and Extended Key Usage)].
---
