I am attempting to upgrade an existing LFC on a Windows server and use a SSL certificate for encryption and authentication of this machine.
I am attempting to use a certificate issued by our own certificate authority (CA).
I have followed the instructions as outlined in; http://www.splunk.com/base/Documentation/latest/Deploy/DeployaWindowsdfmanually and read http://www.splunk.com/base/Documentation/latest/Admin/UseSSLtoencryptandauthenticatedatafromforwarde...

I did this through the installation wizard (GUI), just to see what it requests.
I specify a computer certificate, the password and a Root CA certificate to verify the identity of the certificate in .cer format.
No matter what I do I get a SSLCommon error either that “can’t read CA list” or “Error initializing SSL context - invalid sslCertPath for server”
My question is; what format do I need to have these files in? Do I need to convert these to .pem files?
I converted the files .pem using openssl but I still get the same error.
Is the privkey supposed to be the CA certificate and associated chain, or the computer certificate private key?

Sample output.conf

sslCertPath = C:\Program Files\SplunkUniversalForwarder\etc\system\local\certs\cert.pem   
sslPassword = $2$Pa$$W0rdHERE=   
sslRootCAPath =C:\Program Files\SplunkUniversalForwarder\etc\system\local\certs\privkey.pem