What does splunkd.log say about configuration errors? I think the sslPassword setting is missing. Also, you need to configure inputs.conf on your receiver.
The configurations structure which worked for me is,
outputs.conf (on forwarders):
[tcpout]
sslPassword = xxxxxxxxxxxxxxxxxxxxxx
sslVersions = tls1.2
clientCert = $SPLUNK_HOME/etc/auth/myOrg/myOrgFWDcert.pem
sslRootCAPath = $SPLUNK_HOME/etc/auth/myOrg/myOrgCACertificate.pem
channelReapInterval = 60000
channelReapLowater = 10
channelTTL = 300000
dnsResolutionInterval = 300
negotiateNewProtocol = true
socksResolveDNS = false
useClientSSLCompression = true
[tcpout:my_idx_cluster]
server = idx1.com:9998, idx.com2:9998
useACK = true
inputs.conf (On indexers):
[SSL]
serverCert = $SPLUNK_HOME/etc/auth/myOrg/myOrgServerCertificate.pem
sslPassword = xxxxxxxxxxxxxxxxx
sslVersions = tls1.2
[splunktcp-ssl:9998]
Additionally, please refer to these links for more information,
https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/ConfigureSplunkforwardingtousesignedcertificates
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPractices.pdf
... View more