diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml
index d9cf80cd9..4a7260bc6 100644
--- a/salt/elasticsearch/files/elasticsearch.yml
+++ b/salt/elasticsearch/files/elasticsearch.yml
@@ -26,30 +26,17 @@ cluster.routing.allocation.disk.watermark.low: 95%
 cluster.routing.allocation.disk.watermark.high: 98%
 cluster.routing.allocation.disk.watermark.flood_stage: 98%
 #xpack.security.enabled: false
-#xpack.security.http.ssl.enabled: false
 xpack.security.transport.ssl.enabled: true
 xpack.security.transport.ssl.verification_mode: none
-xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12
-xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elasticsearch.p12
-#xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
-#xpack.security.transport.ssl.keystore.secure_password: changeit
-#xpack.security.transport.ssl.truststore.path: /etc/pki/java/cacerts
-#xpack.security.transport.ssl.truststore.password: changeit
-#xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-#xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-#xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
+xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
 {%- if grains['role'] in ['so-node','so-heavynode'] %}
 xpack.security.http.ssl.enabled: true
 xpack.security.http.ssl.client_authentication: none
-xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12
-xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12
-#xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
-#xpack.security.http.ssl.keystore.secure_password: changeit
-#xpack.security.http.ssl.truststore.path: /etc/pki/java/cacerts
-#xpack.security.http.ssl.truststore.password: changeit
-#xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-#xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-#xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
+xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
 {%- endif %}
 #xpack.security.authc:
 # anonymous:
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index e71398e4b..f1b82f068 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -216,6 +216,11 @@ so-elasticsearch:
 - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
 - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
 - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
+ {% if grains['role'] in ['so-manager','so-managersearch'] %}
+ - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro
+ {% else %}
+ - /etc/ssl/certs/intca.crt:/usr/share/elasticsearch/config/ca.crt:ro
+ {% endif %}
 - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro
 - /etc/pki/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro
 - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro
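Review bot: In salt/elasticsearch/files/elasticsearch.yml the added `xpack.security.transport.ssl.certificate_authorities` line sits just below the unchanged `xpack.security.transport.ssl.verification_mode: none`, so the CA it names is not used to validate peer certificates on the transport layer. With verification off, a node accepts whatever certificate its peer presents, which leaves inter-node traffic encrypted but not authenticated. Now that the PEM key, certificate and CA are configured, consider `xpack.security.transport.ssl.verification_mode: certificate`, or `full` if the node certificates carry matching hostnames or IPs. A one-line comment above the three added transport lines naming the CA that signs the node certificates would also help the next reader.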
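Review bot: In salt/elasticsearch/init.sls the unconditional bind `- /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro` remains as a context line directly after the added `{% endif %}`, so every role renders two binds that target `/usr/share/elasticsearch/config/ca.crt`. On non-manager roles `/etc/ssl/certs/intca.crt` and `/etc/pki/ca.crt` then compete for the same container path. That likely either fails the container start on a duplicate mount point or leaves the effective trust anchor dependent on bind order. Dropping the unconditional line is probably what was intended, so that the Jinja branch alone decides which CA Elasticsearch trusts. The binds list and the so-elasticsearch state begin and end outside this hunk, so check that no later line already handles this.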