When testing Java 11 build compatibility, I found an issue with TLS certificates when using a remote process group looped back to an input port on the same cluster. The same certificates were used for JDK8/JRE8, JDK8/JRE11, JDK11/JRE11 ie. they contained relevant SAN entries in each case.
Building on JDK 1.8.0_172 and run on JRE11.0.5+10 caused exceptions when attempting to send to local input port with RPG:
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector Could not communicate with natog0.com:9551 to determine which nodes exist in the remote NiFi cluster, due to javax.net.ssl.SSLPeerUnverifiedException: Certificate for <natog0.com> doesn't match any of the subject alternative names: [natog1.com]
2019-08-13 18:17:07,946 WARN [Http Site-to-Site PeerSelector] o.apache.nifi.remote.client.PeerSelector org.apache.nifi.remote.client.PeerSelector@6d5e02f8 Unable to refresh Remote Group's peers due to Unable to communicate with remote NiFi cluster in order to determine which nodes exist in the remote cluster
But did not see this error on the matching builds (JDK8/JRE8, JDK11/JRE11).