Before I go and purchase certificates I wanted to ask a quick question about SSL certificates, in particular wildcard certificates.
We have a couple search heads, a few more indexers and lots of forwarders and want to start encrypting data for both forwarders to indexers, from the search heads to indexers and for users (splunk web).
We don't want to use the splunk certificates since these have a known password.
I tried using self signed certificates, but when I installed a self signed certificate for the lab forwarder to talk to the lab indexer/search head the lab indexer/search head couldn't connect to any of the other production indexers.
In order to not have the browser SSL error we are planning on going to a real SSL cert, at least for the search heads. The questions are: