Security

Universal forwarder to connection with SSL certs?

mgwillams
Loves-to-Learn

We are trying to configure the UF and Splunk Indexer to use SSL certs to create secure comms between the two,
and for some reason it does not create the secure connection.
Any assistance you can provide would be great.

Below is the Indexer inputs.conf stanza:

[default]
host = xxxspl01x

[splunktcp-ssl://9998]
compressed = true
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/certs/splunkweb/xxxpl01x.pem
sslPassword =
requireClientCert = true
sslVersions = tls1.2
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256
sslCommonNameToCheck = xxxx01x.xxx.yyyy.com
sslAltNameToCheck = xxxx01x

Below is the UF outputs.conf:

# DoS Universal Forwarder outputs - new

[tcpout]
defaultGroup = xxxIndexer-group

[tcpout:dosIndexer-group]
server = z.z.z:9998
disabled = 0
clientCert = $SPLUNK_HOME\etc\auth\DOS\xxx01x.pem
sslPassword = removed 
useClientSSLCompression = true
sslVerifyServerCert = true
sslVerifyServerName = true
sslCommonNameToCheck = yyy01y.xxx.yyy.com
sslAltNameToCheck = yyy01y
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256

[tcpout-server://x.x.x.xx:9998]

Then run the below search:

index=_internal source=*metrics.log* group=tcpin_connections |
dedup hostname | table _time hostname version sourceIp destPort ssl

Results:

_time = system time
hostname = host name
version = 9.0.5
sourceIp = ip address
destPort = 9997
ssl = false
