diff --git a/elasticsearch.yml b/elasticsearch.yml
index 6df812d..e31f474 100644
--- a/elasticsearch.yml
+++ b/elasticsearch.yml
@@ -25,7 +25,9 @@ xpack.security.enabled: true
 xpack.security.transport.ssl.enabled: true
 xpack.security.transport.ssl.verification_mode: certificate
 xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
+xpack.security.transport.ssl.keystore.password: cloudron
 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
+xpack.security.transport.ssl.truststore.password: cloudron
 xpack.security.http.ssl.enabled: false
 xpack.security.authc.token.enabled: false
 xpack.security.authc.api_key.enabled: false
diff --git a/start.sh b/start.sh
index 067a5a2..4fa9d6e 100644
--- a/start.sh
+++ b/start.sh
@@ -173,14 +173,14 @@ configure_elasticsearch() {
         
         ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-certutil ca \
             --out /tmp/elastic-certs/elastic-stack-ca.p12 \
-            --pass "" \
+            --pass "cloudron" \
             --silent
             
         ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-certutil cert \
             --ca /tmp/elastic-certs/elastic-stack-ca.p12 \
-            --ca-pass "" \
+            --ca-pass "cloudron" \
             --out $ES_PATH_CONF/elastic-certificates.p12 \
-            --pass "" \
+            --pass "cloudron" \
             --silent
             
         chown elasticsearch:elasticsearch $ES_PATH_CONF/elastic-certificates.p12
@@ -347,9 +347,9 @@ start_elasticsearch() {
     ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.verification_mode=certificate"
     ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.path=elastic-certificates.p12"
     ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.path=elastic-certificates.p12"
-    # Add empty password for certificates (we created them without password)
-    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.secure_password=''"
-    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.secure_password=''"
+    # Use "cloudron" as the dummy password for certificates (Elasticsearch doesn't accept empty passwords)
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.secure_password=cloudron"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.secure_password=cloudron"
     ES_START_CMD="$ES_START_CMD -d -p /app/data/run/elasticsearch.pid"
     
     echo "Starting Elasticsearch..."