diff --git a/roles/nifi/files/common-cacerts.jks b/roles/nifi/files/common-cacerts.jks
new file mode 100644
index 0000000000000000000000000000000000000000..200a005f89ab6e2ba316460b071979aa9f5b8c58
Binary files /dev/null and b/roles/nifi/files/common-cacerts.jks differ
diff --git a/roles/nifi/tasks/main.yml b/roles/nifi/tasks/main.yml
index 30cb34c31c3b682f41c21336e1feae40b44a0ab9..6a7db1549311f1064b69a58ad15f60fa2f3267c5 100644
--- a/roles/nifi/tasks/main.yml
+++ b/roles/nifi/tasks/main.yml
@@ -22,6 +22,7 @@
   with_items:
     - "{{ inventory_hostname }}.p12"
     - cacerts.jks
+    - common-cacerts.jks
   tags:
     - start
 
diff --git a/roles/nifi/templates/flow.xml.j2 b/roles/nifi/templates/flow.xml.j2
index 772e2770a63ea5222145d4adcd53a97ffb3b3005..ed7d7a84258de5752e6d641a2c6f21dd4e33fab6 100644
--- a/roles/nifi/templates/flow.xml.j2
+++ b/roles/nifi/templates/flow.xml.j2
@@ -9856,7 +9856,7 @@
             </property>
             <property>
               <name>Password</name>
-              <value>enc{712194e912fcd1c53d1e0ec7aca9dee896e1b6ee2b9c9cbdf90c8de6958862d9b2be6f0cbf23337863c95a23c289bae8}</value>
+              <value>enc{7b058219496226c432334bb2328fd6ac2e18b4a882f6f4cf620b3247dee61c302fe4f23f7f176a6ccab993575feaf57a}</value>
             </property>
             <property>
               <name>elasticsearch-http-connect-timeout</name>
@@ -10676,7 +10676,7 @@
           <yieldPeriod>1 sec</yieldPeriod>
           <bulletinLevel>WARN</bulletinLevel>
           <lossTolerant>false</lossTolerant>
-          <scheduledState>STOPPED</scheduledState>
+          <scheduledState>RUNNING</scheduledState>
           <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
           <executionNode>ALL</executionNode>
           <runDurationNanos>0</runDurationNanos>
@@ -10727,7 +10727,7 @@
           <yieldPeriod>1 sec</yieldPeriod>
           <bulletinLevel>WARN</bulletinLevel>
           <lossTolerant>false</lossTolerant>
-          <scheduledState>STOPPED</scheduledState>
+          <scheduledState>RUNNING</scheduledState>
           <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
           <executionNode>ALL</executionNode>
           <runDurationNanos>0</runDurationNanos>
@@ -10741,7 +10741,7 @@
           </property>
           <property>
             <name>SSL Context Service</name>
-            <value>83443c00-b286-366a-b8e0-2f51527ab8e5</value>
+            <value>8972e39a-0176-1000-ffff-ffffb8dd96f4</value>
           </property>
           <property>
             <name>Username</name>
@@ -10799,7 +10799,7 @@
           <yieldPeriod>1 sec</yieldPeriod>
           <bulletinLevel>WARN</bulletinLevel>
           <lossTolerant>false</lossTolerant>
-          <scheduledState>STOPPED</scheduledState>
+          <scheduledState>RUNNING</scheduledState>
           <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
           <executionNode>ALL</executionNode>
           <runDurationNanos>0</runDurationNanos>
@@ -11059,7 +11059,7 @@
           <yieldPeriod>1 sec</yieldPeriod>
           <bulletinLevel>WARN</bulletinLevel>
           <lossTolerant>false</lossTolerant>
-          <scheduledState>STOPPED</scheduledState>
+          <scheduledState>RUNNING</scheduledState>
           <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
           <executionNode>ALL</executionNode>
           <runDurationNanos>0</runDurationNanos>
@@ -12017,7 +12017,7 @@
           <yieldPeriod>1 sec</yieldPeriod>
           <bulletinLevel>WARN</bulletinLevel>
           <lossTolerant>false</lossTolerant>
-          <scheduledState>STOPPED</scheduledState>
+          <scheduledState>RUNNING</scheduledState>
           <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
           <executionNode>ALL</executionNode>
           <runDurationNanos>0</runDurationNanos>
@@ -12565,6 +12565,46 @@
         <value>region</value>
       </property>
     </controllerService>
+    <controllerService>
+      <id>8972e39a-0176-1000-ffff-ffffb8dd96f4</id>
+      <name>Common CA</name>
+      <comment />
+      <class>org.apache.nifi.ssl.StandardSSLContextService</class>
+      <bundle>
+        <group>org.apache.nifi</group>
+        <artifact>nifi-ssl-context-service-nar</artifact>
+        <version>1.12.1</version>
+      </bundle>
+      <enabled>true</enabled>
+      <property>
+        <name>Keystore Filename</name>
+      </property>
+      <property>
+        <name>Keystore Password</name>
+      </property>
+      <property>
+        <name>key-password</name>
+      </property>
+      <property>
+        <name>Keystore Type</name>
+      </property>
+      <property>
+        <name>Truststore Filename</name>
+        <value>/opt/nifi/nifi-current/conf/common-cacerts.jks</value>
+      </property>
+      <property>
+        <name>Truststore Password</name>
+        <value>enc{d29783c1ee73a853528fcca52cc3290be47bee59e798ef217823358940cc450f}</value>
+      </property>
+      <property>
+        <name>Truststore Type</name>
+        <value>JKS</value>
+      </property>
+      <property>
+        <name>SSL Protocol</name>
+        <value>TLS</value>
+      </property>
+    </controllerService>
     <controllerService>
       <id>bbd4d3a2-0175-1000-0000-00000b0fb8bd</id>
       <name>Tor node CSV</name>
@@ -12945,7 +12985,7 @@
     </controllerService>
     <controllerService>
       <id>83443c00-b286-366a-b8e0-2f51527ab8e5</id>
-      <name>Common CA</name>
+      <name>Soctools CA</name>
       <comment />
       <class>org.apache.nifi.ssl.StandardRestrictedSSLContextService</class>
       <bundle>
@@ -12972,7 +13012,7 @@
       </property>
       <property>
         <name>Truststore Password</name>
-        <value>enc{c8226c8abe9522ac00a615ac3fb99470788ecf97d81785894b496a638f5072e4}</value>
+        <value>enc{0942bb00127810c864d39e9d08a35d84e4f192ccc3f20fb8f99fe898d8fbb620}</value>
       </property>
       <property>
         <name>Truststore Type</name>