Wildcard certificates (i.e. two nodes
node2.nifi.apache.org being assigned the same certificate with a CN or SAN entry of
*.nifi.apache.org) are not officially supported and not recommended. There are numerous disadvantages to using wildcard certificates, and a cluster working with wildcard certificates has occurred in previous versions out of lucky accidents, not intentional support. Wildcard SAN entries are acceptable if each cert maintains an additional unique SAN entry and CN entry.