I have read almost every answer provided in earlier questions, but I am still not having any luck getting my self-signed certificates to work with our Indexers and Forwarders.
We deploy the inputs.conf for indexers in an app called IDX_index_config.
We deploy the outputs.conf for forwarders in an app called FW_output_config.
I am listing every step I took; I am wondering if my issue is in my certificate creation:
mkdir /opt/splunk/etc/auth/mycerts
cd /opt/splunk/etc/auth/mycerts
**Create Root Certificate**:
**Generate a private key for your root cert:** /opt/splunk/bin/splunk cmd openssl genrsa -aes256 -out myCAPrivateKey.key 2048
**Generate and sign the certificate**: /opt/splunk/bin/splunk cmd openssl req -new -key myCAPrivateKey.key -out myCACertificate.csr
**Use the CSR to generate the public certificate**: /opt/splunk/bin/splunk cmd openssl x509 -req -in myCACertificate.csr -sha256 -signkey myCAPrivateKey.key -CAcreateserial -out myCACertificate.pem -days 1095
**Create Server Certificate**
**Generate a key for your server certificate**: /opt/splunk/bin/splunk cmd openssl genrsa -aes256 -out myServerPrivateKey.key 2048
**Generate and sign a new server certificate**: /opt/splunk/bin/splunk cmd openssl req -new -key myServerPrivateKey.key -out myServerCertificate.csr
**Use the CSR and your CA Certificate and private key to generate a server certificate**: /opt/splunk/bin/splunk cmd openssl x509 -req -in myServerCertificate.csr -sha256 -CA myCACertificate.pem -CAkey myCAPrivateKey.key -CAcreateserial -out myServerCertificate.pem -days 1095
**Create a single PEM file**:
cat myServerCertificate.pem myServerPrivateKey.key myCACertificate.pem > myNewServerCertificate.pem
**Copy certs to both deployment apps**:
cp /opt/splunk/etc/auth/mycerts/my* /opt/splunk/etc/deployment-apps/IDX_indexer_config/sslfwd/
cp /opt/splunk/etc/auth/mycerts/my* /opt/splunk/etc/deployment-apps/FW_output_config/sslfwd/
**Modify IDX_indexer_config/default/inputs.conf:**

```
[SSL]
rootCA = /opt/splunk/etc/apps/IDX_indexer_config/sslfwd/myCACertificate.pem
serverCert = /opt/splunk/etc/apps/IDX_indexer_config/sslfwd/myNewServerCertificate.pem
requireClientCert = false
[splunktcp-ssl:9997]
```
**Modify FW_output_config/default/outputs.conf:**

```
#turn off indexing on search head
[indexAndForward]
index = false
[tcpout]
defaultGroup = splunkssl
indexAndForward = false
useACK = false
forwardedindex.filter.disable = true
[tcpout:splunkssl]
compressed = false
disabled = false
server = nlpawdindex-1:9997, nlpawdindex-2:9997, tlpawdindex-1:9997, tlpawdindex-2:9997
sslPassword = blah4splunk
sslCertPath = /opt/splunk/etc/apps/FW_output_config/sslfwd/myNewServerCertificate.pem
sslRootCAPath = /opt/splunk/etc/apps/FW_output/config/sslfwd/myCACertificate.pem
```

(`blah4splunk` is **not the real password**, but I did use the SAME password for myCAPrivateKey.key and myServerPrivateKey.key.)

/opt/splunk/bin/splunk reload deploy-server #to send out new configs to indexer and forwarders
**When trying to test SSL**:

```
/opt/splunk/bin/splunk cmd openssl s_client -connect nlpawdindex-1:9997
connect: Connection refused
connect:errno=111
```

**On my indexer I get the following**:
```
10-25-2017 10:25:42.204 -0500 INFO TcpInputProc - Running shutdown level 1. Closing listening ports.
10-25-2017 10:25:42.204 -0500 INFO TcpInputProc - Shutting down listening ports
10-25-2017 10:25:42.204 -0500 INFO TcpInputProc - Setting up input quiesce timeout for : 90 secs
10-25-2017 10:25:43.116 -0500 INFO TcpInputProc - Cleaning up TCP connections
10-25-2017 10:25:43.116 -0500 INFO TcpInputProc - Shutting down existing connections.
10-25-2017 10:25:43.117 -0500 INFO TcpInputProc - TCP connection cleanup complete
10-25-2017 10:25:48.063 -0500 INFO TcpInputProc - Registering metrics callback for: tcpin_connections
```
**On one of the forwarders I get**:

```
10-25-2017 10:09:17.239 -0500 INFO TcpOutputProc - Shutting down auto load balanced connection strategy
10-25-2017 10:09:17.239 -0500 INFO TcpOutputProc - Auto load balanced connection strategy shutdown finished
10-25-2017 10:09:17.239 -0500 INFO TcpOutputProc - Received shutdown control key.
10-25-2017 10:09:20.355 -0500 INFO TcpOutputProc - found Whitelist forwardedindex.0.whitelist , RE : forwardedindex.0.whitelist
10-25-2017 10:09:20.355 -0500 INFO TcpOutputProc - found Blacklist forwardedindex.1.blacklist , RE : forwardedindex.1.blacklist
10-25-2017 10:09:20.355 -0500 INFO TcpOutputProc - found Whitelist forwardedindex.2.whitelist , RE : forwardedindex.2.whitelist
10-25-2017 10:09:20.355 -0500 INFO TcpOutputProc - Will forward data belonging to all the indices
10-25-2017 10:09:20.359 -0500 INFO TcpOutputProc - tcpout group splunkssl using Auto load balanced forwarding
10-25-2017 10:09:20.359 -0500 INFO TcpOutputProc - Group splunkssl initialized with maxQueueSize=512000 in bytes.
10-25-2017 10:11:01.041 -0500 WARN TcpOutputProc - Forwarding to indexer group splunkssl blocked for 100 seconds.
```

ANY help would be appreciated.
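
A consistency check for the two SSL stanzas in the post, as an added example that is not part of the original post: it parses the posted settings (reproduced below as constructed sample text with a placeholder password) and reports certificate paths that fall outside the deploying app's `sslfwd` directory, plus stanzas that reference the passphrase-protected key without a password setting. The `parse_conf` and `lint` helpers are hypothetical, and the check assumes the passphrase has to be set in the same stanza (`sslPassword`, or `password` on older releases).

```python
import posixpath
import re

APPS_ROOT = "/opt/splunk/etc/apps"
PATH_KEYS = {"rootCA", "serverCert", "sslCertPath", "sslRootCAPath"}
PASSWORD_KEYS = {"sslPassword", "password"}
DEPLOYED = {"myCACertificate.pem", "myNewServerCertificate.pem"}  # files the stanzas use
# Constructed sample input: the SSL-related settings from the post.
INPUTS = """[SSL]
rootCA = /opt/splunk/etc/apps/IDX_indexer_config/sslfwd/myCACertificate.pem
serverCert = /opt/splunk/etc/apps/IDX_indexer_config/sslfwd/myNewServerCertificate.pem
requireClientCert = false
[splunktcp-ssl:9997]
"""
OUTPUTS = """[tcpout:splunkssl]
sslPassword = <placeholder>
sslCertPath = /opt/splunk/etc/apps/FW_output_config/sslfwd/myNewServerCertificate.pem
sslRootCAPath = /opt/splunk/etc/apps/FW_output/config/sslfwd/myCACertificate.pem
"""

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def lint(conf_text, app, deployed=DEPLOYED):
    """Return findings for a conf file shipped in deployment app `app`."""
    findings = []
    expected = posixpath.join(APPS_ROOT, app, "sslfwd")
    for stanza, settings in parse_conf(conf_text).items():
        paths = {k: v for k, v in settings.items() if k in PATH_KEYS}
        for key, path in paths.items():
            directory, name = posixpath.split(posixpath.normpath(path))
            if directory != expected:
                findings.append(f"[{stanza}] {key}: {directory} is not {expected}")
            elif name not in deployed:
                findings.append(f"[{stanza}] {key}: {name} is not deployed with {app}")
        # Assumption: the key inside the combined PEM is encrypted (genrsa -aes256).
        if paths and PASSWORD_KEYS.isdisjoint(settings):
            findings.append(f"[{stanza}] encrypted key referenced, no password setting")
    return findings
```

Calling `lint(INPUTS, "IDX_indexer_config")` and `lint(OUTPUTS, "FW_output_config")` returns one finding each for the settings as posted.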