Hi,
I would recomend you use a Heavy Forwarder as your HEC endpoint, then send your data on to the Splunk Cloud via normal forwarder method.
A ticket would need to be raised with the Splunk Cloud team, to get the Certificate fixed.
If you do this via a heavy forwarder, look through this section of the manual "AboutsecuringyourSplunkconfigurationwithSSL"
If you would like a good presentation to talk you through setting up, this is a simple guide around the SSL certificate. Best Practices Configuration for Splunk SSL
https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/AboutsecuringyourSplunkconfigurationwithSSL
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPractices.pdf
... View more