@Nawab- The answer is yes, you can setup SSL on both places and you can also set SSL only for HF to Indexer. I think it should not matter what you use from UF to HF and HF to Indexer, they should act independent from each other. Connection with SSL inputs.conf
---------------
[splunktcp-ssl:9997]
serverCert = <string>
sslPassword = <string>
requireClientCert = <boolean>
sslVersions = <string>
cipherSuite = <cipher suite string>
ecdhCurves = <comma separated list of ec curves>
dhFile = <string>
allowSslRenegotiation = <boolean>
sslQuietShutdown = <boolean>
sslCommonNameToCheck = <commonName1>, <commonName2>, ...
sslAltNameToCheck = <alternateName1>, <alternateName2>, ...
useSSLCompression = <boolean>
outputs.conf
------------------
[tcpout]
defaultGroup = my_indexers
[tcpout:my_indexers]
server = <indexer>:9997
sslPassword = password
clientCert = $SPLUNK_HOME/etc/auth/server.pem
(<Check outputs.conf.spec for other SSL configs) Connection without SSL inputs.conf
---------------
[splunktcp:9997]
outputs.conf
------------------
[tcpout]
defaultGroup = my_indexers
[tcpout:my_indexers]
server = <indexer>:9997 I hope this helps!!!!
... View more