Looking for pointers on putting Cribl between Splunk UF and Indexer with TLS Encryption

I am not currently facing any issue or error, rather i am trying to understand/preparing to deliver -- with what will be provided --outputs.conf on UF andinputs.conf on the indexer

Do you wanna do mTLS or just TLS on the receiving side?

on the windows UF side, i must use`sslVerifyServerCert = true` in outputs.conf -- so i suppose mutual TLS is needed for this, right

Mutual means that the client (sending side) also needs to present a valid cert

In Splunk that's requireClientCert

yes.I would need to use below in my splunk UF outputs.conf --```clientCert = <path>sslVerifyServerCert = trueindexerDiscovery = somethingABCDEFGHuseACK = true```I will keep indexerDiscovery out of the scope of our discussion for now andfocus more on `clientCert` and `sslVerifyServerCert` as a must to place on the windows UF -- while i am reproducing scenario in my lab.

Yeah, the question is if proper client cert authentication is part of your requirements.

yes. it is

In Cribl, you enable TLS on the input, enable client cert validation, give Cribl the root CA of the UF client cert.

Okay. So you already have that config for the UF. You might have to add the root CA cert that the Cribl receiving side cert has been issued by

On Cribl output, configure a valid client cert, on the IDX side configure inputs.conf for splunktcp-ssl, give it a root CA that issued the Cribl client cert

Well, whatever cert you got for that box Cribl runs on