Hi,
This is a fairly late answer, but I've run into similar issues. The problem with this seems to be that Splunk really doesn't prompt for the CA password, but assumes it is "password". If you have a look at bin/genRootCA.sh you'll notice that you can't even choose your own password when creating a CA with the scripts.
So, I'm assuming that you've used a different tool for creating the CA. This means that you also have to use another tool for creating the server certificates. Either you can use the openssl command directly or you can use a wrapper, such as TinyCA. Alternatively, you can set the CA password to "password", even though you created it yourself.
One thing that caught me is that some wrappers will specify the certificate purpose and the OpenSSL library may reject client certificates used as server certificates. So check your settings for this, as well. IIRC, you won't get a proper error message unless you start splunk with the --debug option.
HTH
... View more