diff --git a/salt/elasticsearch/files/sotls.yaml b/salt/elasticsearch/files/sotls.yaml
index 1b6353856..6fee1e8e2 100644
--- a/salt/elasticsearch/files/sotls.yaml
+++ b/salt/elasticsearch/files/sotls.yaml
@@ -1,4 +1,4 @@
-keystore.path: /etc/pki/ca-trust/extracted/java/sokeys
+keystore.path: /usr/share/elasticsearch/config/sokeys
 keystore.password: changeit 
 keystore.algorithm: SunX509
 truststore.path: /etc/pki/ca-trust/extracted/java/cacerts
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 5bc9ddbb6..7cb887b05 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -139,6 +139,13 @@ esyml:
     - group: 939
     - template: jinja
 
+sotls:
+  file.managed:
+    - name: /opt/so/conf/elasticsearch/sotls.yml
+    - source: salt://elasticsearch/files/sotls.yml
+    - user: 930
+    - group: 939
+
 #sync templates to /opt/so/conf/elasticsearch/templates
 {% for TEMPLATE in TEMPLATES %}
 es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}:
@@ -200,8 +207,9 @@ so-elasticsearch:
       - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
       - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
       - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro
-      - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro
-      - /etc/pki/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro
+      - /etc/pki/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro
+      - /opt/so/conf/elasticsearch/sotls.yml:/usr/share/elasticsearch/config/sotls.yml:ro
+
     - watch:
       - file: cacertz