Using Splunk Enterprise 8.2.4 on Windows and trying to configure my forwarders to use SSL to forward events to my indexers. Client certificate verification is not enabled on the indexer. Reading the guide here it states some config aspects that don't seem to be true from testing:

sslPassword = <password>
* The password associated with the Certificate Authority certificate (CAcert).

Is this  not the password for the client cert (server.pem by default) rather than CACert? Also, is states:

useSSL = <true|false|legacy>
* Whether or not the forwarder uses SSL to connect to the receiver, or relies
  on the 'clientCert' setting to be active for SSL connections.
* You do not need to set 'clientCert' if 'requireClientCert' is set to
  "false" on the receiver.

This appears to indicate that you can use SSL without a client certificate (which would be great!). However, if I simply add  useSSL=true to my forwarder outputs.conf the SSL connection does not come up and the following is showing splunkd.log indicating it is looking for a client certificate file:

03-30-2022 23:39:47.933 +0100 ERROR SSLCommon [31888 parsing] - Can't read certificate file errno=33558528 error:02001000:system library:fopen:system library

My outputs.conf is as follows:

[tcpout:test-ssl-1]
disabled = 0
server = indexer1.mydomain.com:9998
useSSL = true
useClientSSLCompression = true
sslVerifyServerCert = false

This outputs.conf does work:

[tcpout:test-ssl-1]
disabled = 0
server = indexer1.mydomain.com:9998
useSSL = true
useClientSSLCompression = true
sslVerifyServerCert = false
sslCommonNameToCheck = indexer1
sslAltNameToCheck = indexer1.mydomain.com
sslRootCAPath = C:\Program Files\SplunkUniversalForwarder\etc\auth\MyPKIChain.pem

 I have no idea why the 2nd config works! sslVerifyServerCert  is false.