Is the provate key encrypted with a password?

Commonly you would set all three of these parameters:

privKeyPath = <path>
* The path to the file containing the web server SSL certificate private key.
* A relative path is interpreted relative to $SPLUNK_HOME and may not refer
  outside of $SPLUNK_HOME (e.g., no ../somewhere).
* You can also specify an absolute path to an external key.
* See also 'enableSplunkWebSSL' and 'serverCert'.
* No default.

serverCert = <path>
* Full path to the Privacy Enhanced Mail (PEM) format Splunk web server certificate file.
* The file may also contain root and intermediate certificates, if required.
  They should be listed sequentially in the order:
    [ Server SSL certificate ]
    [ One or more intermediate certificates, if required ]
    [ Root certificate, if required ]
* See also 'enableSplunkWebSSL' and 'privKeyPath'.
* Default: $SPLUNK_HOME/etc/auth/splunkweb/cert.pem

sslPassword = <password>
* Password that protects the private key specified by 'privKeyPath'.
* If encrypted private key is used, do not enable client-authentication
  on splunkd server. In [sslConfig] stanza of server.conf,
  'requireClientCert' must be 'false'.
* Optional.
* Default: The unencrypted private key.

servercert should contain the certificate issued for your server, followed by any intermediates. You should leave the private key in a seperate file. It should also NOT contain the csr.
You may need to convert the crt file to pem, in which case use this command:

openssl x509 -in ca_provided_certificate.com.cr -out certificate.pem

This means your config should look similar to the following

[settings]
enableSplunkWebSSL = true
serverCert = /application/splunk/etc/auth/splunkweb/certificate.pem
    
privKeyPath =/application/splunk/etc/auth/splunkweb/server_name.key
sslPassword = your PrivateKey  password