I'm following the instructions on:
http://docs.splunk.com/Documentation/Splunk/latest/Security/SecureSplunkWebusingasignedcertificate
After creating the web.conf file as shown, when I restart Splunk I get the message:
Invalid key in stanza [settings] in /opt/splunk/etc/system/local/web.conf, line 4: serverCert (value: etc/auth/splunkweb/server.pem).
It can be fixed by adding the key to the spec file located in the README folder.
For example, I did this warning for the serverclass.conf file.
Invalid key in stanza [serverClass:hf_dev_indexer_apps] in /opt/splunk/etc/system/local/serverclass.conf, line 245: targetRepositoryLocation (value: $SPLUNK_HOME/etc/master-apps).
Solution:
This issue is fixed by adding the value to the spec file in the README folder /opt/splunk/etc/system/README/serverclass.conf.spec under the Second Level
targetRepositoryLocation = path
That's a valid key in web.conf under [settings]. I would check to be sure some strange characters didn't get copied in by deleting the entire line and typing it manually.
There's also this app I developed to ease the process, would love any feedback about it:
The local copy is gone and still getting the 500 error. I did something to break it while I was trying to make the certificates work.
Sounds like it's time for a fresh install. Is that an option?
I deleted the line and retyped it on another line. Now I get the same error but with a different line number. I would love to try your app but I can't access splunkweb. I changed enableSplunkWebSSL to false and restarted. It says the web is available and I can get to the log on screen. However, when I enter my creds I get to a page that says "500 Internal Server Error".
Can you just remove your local copy of web.conf & restart?
rm /opt/splunk/etc/system/local/web.conf
For example?
It definitely sounds like you had extra characters in there. When you deleted the line and typed manually, the characters moved to the line below. My suggestion is to remove the web.conf you've created and then start new, manually typing in everything as opposed to a copy and paste from another machine.
I discovered that serverCert is the new name for caCertPath. caCertPath is used in the default web.conf and my introducing serverCert is probably causing splunk to be confused.
I put my new certificate in the location pointed to by caCertPath and now splunkweb will start and eventually present me with a login page.
But when I enter my creds, after a period of time I get a "500 Internal Server Error".
Did you try removing your local copy and restarting to see if the 500 error goes away?
Thanks for the reply.
I deleted the line and retyped it on a different line. Same error but now on a different line. I'll check out the app.
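
Several replies in this thread suspect invisible characters pasted into web.conf. The following Python script is an added example (not from any poster in the thread and not Splunk's own tooling) that reports every character outside printable ASCII with its line and column, so such a file can be checked before restarting. The sample file content is constructed; only the key names and the certificate path come from the thread.

```python
import sys
import unicodedata

# Constructed sample: a web.conf where the serverCert line carries a
# zero-width space after the key and a no-break space after the value,
# as a copy and paste from a web page can produce.
SAMPLE = (
    "[settings]\n"
    "enableSplunkWebSSL = true\n"
    "serverCert\u200b = etc/auth/splunkweb/server.pem\u00a0\n"
)


def find_hidden_chars(text):
    """Return (line, column, codepoint, name) for each suspicious character.

    Anything other than tab or printable ASCII (space through tilde) is
    reported. That covers BOMs, zero-width and no-break spaces, smart
    quotes, and the carriage returns left by Windows line endings.
    """
    findings = []
    # Split on "\n" only, so a stray "\r" stays on its line and is reported.
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch == "\t" or " " <= ch <= "~":
                continue
            name = unicodedata.name(ch, "CONTROL")  # control chars have no name
            findings.append((line_no, col, "U+%04X" % ord(ch), name))
    return findings


def scan_file(path):
    """Scan a conf file; undecodable bytes surface as U+FFFD findings."""
    with open(path, "rb") as fh:
        return find_hidden_chars(fh.read().decode("utf-8", errors="replace"))


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the sample.
    results = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_hidden_chars(SAMPLE)
    for line_no, col, code, name in results:
        print("line %d, column %d: %s %s" % (line_no, col, code, name))
    sys.exit(1 if results else 0)
```

Run with the path to the conf file as the only argument; a non-zero exit status means at least one hidden character was found.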