it is additional step for authenticating your splunk indexers. For example- If it FALSE, setup an indexer, add and define common certificate and configure to forward the event, it will start ingesting. In this case, certificates, verify, whether it is forwarding events/logs to correct indexers only, but based on certificates
You need to have two more configs need to be added in case, you want it to work,
output.conf, (splunk forwarder - DS client)
sslCommonNameToCheck= server.common.name.com.fqdn
between server to server
sslCommonNameList = splunk.servers.names.with.comma.for.all.making.communication, server1.com, server2.com
Always configure these config in last, as any communication break, can be rolled back, as this would be only check.
... View more