diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 18ed1581f..ff9414b2d 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1187,19 +1187,21 @@ update_import_fleet_output() {
 update_default_logstash_output() {
 echo "Updating fleet logstash output policy grid-logstash"
 if logstash_policy=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "http://localhost:5601/api/fleet/outputs/so-manager_logstash" --retry 3 --retry-delay 10 --fail 2>/dev/null); then
- SSL_CONFIG=$(echo "$logstash_policy" | jq -r '.item.ssl')
 # Keep already configured hosts for this update, subsequent host updates come from so-elastic-fleet-outputs-update
 HOSTS=$(echo "$logstash_policy" | jq -r '.item.hosts')
 DEFAULT_ENABLED=$(echo "$logstash_policy" | jq -r '.item.is_default')
 DEFAULT_MONITORING_ENABLED=$(echo "$logstash_policy" | jq -r '.item.is_default_monitoring')
 LOGSTASHKEY=$(openssl rsa -in /etc/pki/elasticfleet-logstash.key)
+ LOGSTASHCRT=$(openssl x509 -in /etc/pki/elasticfleet-logstash.crt)
+ LOGSTASHCA=$(openssl x509 -in /etc/pki/tls/certs/intca.crt)
 JSON_STRING=$(jq -n \
 --argjson HOSTS "$HOSTS" \
 --arg DEFAULT_ENABLED "$DEFAULT_ENABLED" \
 --arg DEFAULT_MONITORING_ENABLED "$DEFAULT_MONITORING_ENABLED" \
- --argjson SSL_CONFIG "$SSL_CONFIG" \
 --arg LOGSTASHKEY "$LOGSTASHKEY" \
- '{"name":"grid-logstash","type":"logstash","hosts": $HOSTS,"is_default": $DEFAULT_ENABLED,"is_default_monitoring": $DEFAULT_MONITORING_ENABLED,"config_yaml":"","ssl": $SSL_CONFIG,"secrets":{"ssl":{"key": $LOGSTASHKEY }}}')
+ --arg LOGSTASHCRT "$LOGSTASHCRT" \
+ --arg LOGSTASHCA "$LOGSTASHCA" \
+ '{"name":"grid-logstash","type":"logstash","hosts": $HOSTS,"is_default": $DEFAULT_ENABLED,"is_default_monitoring": $DEFAULT_MONITORING_ENABLED,"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"certificate_authorities":[ $LOGSTASHCA ]},"secrets":{"ssl":{"key": $LOGSTASHKEY }}}')
 fi
 if curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/outputs/so-manager_logstash" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING" --retry 3 --retry-delay 10 --fail; then
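Review bot: The two new `openssl x509` reads into LOGSTASHCRT and LOGSTASHCA are not checked before use. Because the existing `.item.ssl` block is no longer carried over, a missing or unreadable file would apparently yield an empty string that `jq --arg` still encodes, and the PUT would then overwrite the working TLS settings of the grid-logstash output. A guard before the `jq -n` call would leave the current policy in place, for example `[[ -n "$LOGSTASHCRT" && -n "$LOGSTASHCA" ]] || { echo "Could not read Logstash certificate or CA; leaving output unchanged" >&2; return 1; }`. Whether `return 1` is the right failure mode depends on how soup calls this function, which is not visible here. Separately, `openssl x509 -in` emits only the first certificate in a file, so if `intca.crt` ever holds more than one certificate the rest would silently drop out of `certificate_authorities`. The body of update_default_logstash_output continues past the end of the hunk.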