Hi @Kieffer87 , I am trying to setup similar ssl on the Splunk Heavy Forward for one of the Vmware application syslog. I have few queries on the above solution you have mentioned. 1. Do we need to have a .cer file or .pem would do? 2. In the .cer/.pem file do we need to include the private key details? 3. Regarding the cipherSuite, do we need to get this from the source application that encrypts the data? 4. We have other default [SSL] config on the same Splunk server so in that case assuming we should use the specific SSL attributes in the [tcp-ssl://<port>] stanza?
... View more