I have the following configuration that I would like to see work if possible. A server in the DMZ setup as an intermediary to capture logs from devices in AWS being transported over the internet. Could one possibly have the following setup:
AWS universal forwarder 3rd party cert
Then the DMZ host would use the default certs and default SSL configuration to send the data into a secure network on our intranet. I am not sure it will work as due to the fact the server.conf on the DMZ host will have a conflict between the 3rd party cert and the Splunk out of the box cert.