Hi,
Thanks for documenting this, I was miles away and looking at the Capabilities on the Phantom side rather than Splunk's.
If I can participate, note that you can enable HTTPS with these steps:
From your browser (or any other method you like), export the certificate of the Phantom machine as X.509 Certificate (PEM).
For instance, with Firefox: Click the padlock icon on the left of the URL > Click the arrow next to the IP address (if you're using the IP as I am) > More information (at the bottom) > Security tab > View Certificate > in the next window that opens > Details > Export
Copy this to your Splunk machine in $SPLUNK_HOME/etc/apps/phantom/local/cert_bundle.pem
Now return to Splunk's Web UI and save your "Phantom Server Configuration" again. This should be accepted. No restart required.
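A check to run before the copy step in the post above, as an added example that is not part of the original post: it confirms the exported file parses as an X.509 PEM certificate, matches a SHA-256 fingerprint, and has not expired, then writes it to the cert_bundle.pem path. The function names are hypothetical, and it assumes openssl is installed on the Splunk machine and that the expected fingerprint was read on the Phantom host itself rather than over the same browser session.

```shell
#!/bin/sh
# Added example: validate an exported Phantom certificate before Splunk trusts it.
# cert_sha256 and install_phantom_cert are hypothetical helper names.

# cert_sha256 PEM_FILE -> SHA-256 fingerprint as uppercase hex without colons
# (prints nothing if the file is not a parseable certificate)
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
        | sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# install_phantom_cert PEM_FILE EXPECTED_SHA256 [DEST]
# EXPECTED_SHA256 is the fingerprint obtained out-of-band (assumption);
# colons, spaces and lowercase hex are accepted.
install_phantom_cert() {
    pem=$1
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    dest=${3:-"$SPLUNK_HOME/etc/apps/phantom/local/cert_bundle.pem"}

    # 1. The export must be a PEM-encoded X.509 certificate.
    actual=$(cert_sha256 "$pem")
    if [ -z "$actual" ]; then
        echo "error: $pem is not a PEM X.509 certificate" >&2
        return 2
    fi

    # 2. It must be the certificate you expect, not whatever answered on the wire.
    if [ "$actual" != "$expected" ]; then
        echo "error: fingerprint mismatch, got $actual" >&2
        return 3
    fi

    # 3. An expired certificate will fail verification later; stop here instead.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "error: certificate has expired" >&2
        return 4
    fi

    # 4. Re-encode so only the certificate block lands in the bundle.
    mkdir -p "$(dirname "$dest")" || return 5
    openssl x509 -in "$pem" -out "$dest" || return 5
    chmod 644 "$dest"
    echo "installed $dest (SHA-256 $actual)"
}
```

Call it as `install_phantom_cert exported.pem "<fingerprint>"`, then save the "Phantom Server Configuration" again as described in the post.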