I followed the exact same procedure.
I configured the SSL certificate in the server.conf of the forwarder using the [sslConfig] section, but the HTTP Event Collector is still presenting my clients with the Splunk-generated certificate.
I tried checking the error logs from Splunk to see if something was wrong, and indeed, in the first few attempts, I found that my certificate was incorrect. (The following post helped me to figure this out: https://answers.splunk.com/answers/402988/after-upgrading-to-64-why-are-our-signed-certs-no.html)
However, I do not receive any errors in my logs anymore, but the forwarder is still presenting my clients with the old Splunk-generated certificate. Can someone tell me what I am doing wrong?
Thanks in advance!