Distributing certificates to forwarders for the indexer configuration works fine in Splunk.
But what about the management communication?
It seems to be a chicken and egg problem.
Can this be done via the deployment mechanism, sending the forwarders appropriate configuration and certificates?
But then as soon as that configuration is active, the deployment server will no longer accept the connections until that is switched as well. Or is there a fallback mechanism to internal certs that allows a smooth transition?