I have followed all of Splunk's documentation to be able to use certificates signed by a local Certificate Authority and have tried to set up the SSL configuration in server.conf, inputs.conf, and outputs.conf, but no matter what the connection between Indexer and Forwarders cannot be established because the Indexer actively refuses to allow this connection.
For the configuration of SSL in the forwarders I have a custom app that is pushed using the Deployment Server capabilities.
The server.conf in the indexer's .../system/local:
[sslConfig]
sslRootCAPath = /path/to/RootCA.pem
sslVersions = tls1.2
The inputs.conf in the indexer's .../system/local:
[splunktcp-ssl://9997]
connection_host = ip
disabled = 0
[SSL]
serverCert = /path/to/serverCert.pem
requireClientCert = true
sslVersions = tls1.2
The server.conf in the forwarder's .../app//local
[sslConfig]
sslRootCAPath = /path/to/app/RootCA.pem
sslVersions = tls1.2
The outputs.conf in the forwarder's .../app//local
[tcpout]
useSSL = true
clientCert = /path/to/app/clientCert.pem
useACK = true
sslVersions = tls1.2
Essentially, I have three .pem files, RootCA.pem (this one in the server.conf of both Indexer and Forwader), serverCert.pem (this one in the inputs.conf of the Indexer), and clientCert.pem (this one in the outputs.conf in the Forwarder). I want to make sure that communication between Deployment Server and Forwarder does not require certificates as I am trying to install the Forwarders with a script and have it pull the certificates and configuration so it can then communicate with the receiving port (9997).
What am I doing wrong? I followed these instructions:
https://docs.splunk.com/Documentation/Splunk/7.3.4/Security/HowtoprepareyoursignedcertificatesforSpl...
https://docs.splunk.com/Documentation/Splunk/7.3.4/Security/ConfigureSplunkforwardingtousesignedcert...
And I am running Splunk 7.3.4