diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 091cb3786..57cff5b4f 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -191,7 +191,8 @@
           'firewall',
           'schedule',
           'docker_clean',
-          'kafka'
+          'kafka',
+          'elasticsearch.ca'
           ],
       'so-desktop': [
           'ssl',
diff --git a/salt/elasticsearch/ca.sls b/salt/elasticsearch/ca.sls
index 5485bb676..188450311 100644
--- a/salt/elasticsearch/ca.sls
+++ b/salt/elasticsearch/ca.sls
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
 
 {% from 'allowed_states.map.jinja' import allowed_states %}
-{% if sls.split('.')[0] in allowed_states %}
+{% if sls.split('.')[0] in allowed_states or sls in allowed_states %}
 {%   from 'vars/globals.map.jinja' import GLOBALS %}
 
 # Move our new CA over so Elastic and Logstash can use SSL with the internal CA
diff --git a/salt/kafka/enabled.sls b/salt/kafka/enabled.sls
index ed26297b3..a42b6f18b 100644
--- a/salt/kafka/enabled.sls
+++ b/salt/kafka/enabled.sls
@@ -10,6 +10,7 @@
 {%   set KAFKANODES = salt['pillar.get']('kafka:nodes', {}) %}
 
 include:
+  - elasticsearch.ca
   - kafka.sostatus
   - kafka.config
   - kafka.storage