diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml
index 1ea190236..3a763732b 100644
--- a/salt/elasticsearch/files/elasticsearch.yml
+++ b/salt/elasticsearch/files/elasticsearch.yml
@@ -29,15 +29,23 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98%
 #xpack.security.http.ssl.enabled: false
 xpack.security.transport.ssl.enabled: true
 xpack.security.transport.ssl.verification_mode: none
-xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
+xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
+xpack.security.transport.ssl.keystore.password: changeit
+xpack.security.transport.ssl.truststore.path: /etc/pki/java/cacerts
+xpack.security.transport.ssl.truststore.password: changeit
+#xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+#xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+#xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
 {%- if grains['role'] in ['so-node','so-heavynode'] %}
 xpack.security.http.ssl.enabled: true
-xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
 xpack.security.http.ssl.client_authentication: none
+xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
+xpack.security.http.ssl.keystore.password: changeit
+xpack.security.http.ssl.truststore.path: /etc/pki/java/cacerts
+xpack.security.http.ssl.truststore.password: changeit
+#xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+#xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+#xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
 {%- endif %}
 #xpack.security.authc:
 #  anonymous: