Security

SSL configuration between Indexer and forwarder - certificates without password

somesoni2
Revered Legend

Hi All,

I am trying to set up SSL configuration between my Indexer and forwarder on port 9998 while it still allows non-SSL configuration on port 9997.

I have followed the process from this link but created the private key without a password (as instructed by my enterprise architect).

http://docs.splunk.com/Documentation/Splunk/latest/Security/Howtogetthird-partycertificates

I have received my server certificate and root CA certificate with the .crt extension. I have merged my server cert, server private key and root CA into one, and the following is my inputs.conf on the Indexer (etc/system/local):

[default]
host = MY-IDX

[splunktcp://9997]
disabled = 0

[splunktcp-ssl:9998]
compressed = true

[SSL]
requireClientCert = false
rootCA = $SPLUNK_HOME/etc/Certs/root_certificate.crt
serverCert = $SPLUNK_HOME/etc/Certs/server_cert.example.com.crt

Upon restarting, I'm seeing the following error entries (and inputs.conf has "password = $1$nw==" added to the SSL stanza):

11-24-2014 19:37:51.805 -0500 ERROR TcpInputConfig - SSL context not found. Will not open splunk 2 splunk (SSL) IPv4 port 9998
11-24-2014 19:37:51.804 -0500 ERROR TcpInputConfig - SSL server certificate not found, or password is wrong - SSL ports will not be opened 

I tried giving some password explicitly and also renaming .crt to .pem, but the same error is received.

Would anyone help me with suggestions/troubleshooting steps on what I can try next? Kinda urgent.

musskopf
Builder

Have a look at this answer; it seems very similar to the error message you're getting:

http://answers.splunk.com/answers/105645/splunk-ssl-input-app-not-hashing-password.html

0 Karma

somesoni2
Revered Legend

I've not used a and not using the password attribute in inputs.conf. 😞

0 Karma

musskopf
Builder

Have you specified a password when creating the key/certificate? If not, just remove the password = ... line. If you entered a password, you'll need to use password = [password_you_defined]

0 Karma
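
Added example, not part of the original thread and not Splunk's own tooling: a Python check for the two things the error message and the last answer point at, namely whether the file that serverCert names actually contains the private key, and whether that key is encrypted (and so needs a password setting). It assumes the merge order the question describes (server certificate, private key, root CA); the function names and the sample PEM bodies are constructed placeholders.

```python
import re
import sys

# One PEM block: BEGIN line, body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_bundle(text):
    """Return (block_labels, problems) for a merged serverCert PEM file."""
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    certs = [i for i, l in enumerate(labels) if l == "CERTIFICATE"]
    keys = [i for i, l in enumerate(labels) if l.endswith("PRIVATE KEY")]
    problems = []
    if not certs:
        problems.append("no CERTIFICATE block")
    if not keys:
        problems.append("no private key block: serverCert must name the merged file")
    for i in keys:
        label, body = blocks[i]
        # PKCS#8 marks encryption in the label, traditional OpenSSL keys in a header.
        if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is encrypted: a password setting is required")
    if certs and keys and certs[0] > keys[0]:
        problems.append("server certificate should come before the private key")
    if keys and not any(i > keys[0] for i in certs):
        problems.append("no CA certificate after the private key")
    return labels, problems

def _block(label, body="Q09OU1RSVUNURUQ="):
    """Build a constructed PEM-shaped block (placeholder body, not a real key)."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: a bare certificate, a correct merge, an encrypted key.
CERT_ONLY = _block("CERTIFICATE")
MERGED_OK = _block("CERTIFICATE") + _block("RSA PRIVATE KEY") + _block("CERTIFICATE")
MERGED_ENC = (_block("CERTIFICATE")
              + _block("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\nQ09O")
              + _block("CERTIFICATE"))

if __name__ == "__main__":
    # Usage: python check_bundle.py <path to the file serverCert points at>
    with open(sys.argv[1]) as fh:
        found, issues = inspect_bundle(fh.read())
    print("blocks:", found)
    print("problems:", issues or "none")
```

An empty problem list for a passwordless key corresponds to the case in the last answer where the password line is simply removed from the [SSL] stanza.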