diff --git a/elasticsearch.yml b/elasticsearch.yml
index 15b8c41..6df812d 100644
--- a/elasticsearch.yml
+++ b/elasticsearch.yml
@@ -22,7 +22,10 @@ discovery.type: single-node
 
 # --------------------------------- Security ----------------------------------
 xpack.security.enabled: true
-xpack.security.transport.ssl.enabled: false
+xpack.security.transport.ssl.enabled: true
+xpack.security.transport.ssl.verification_mode: certificate
+xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
+xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
 xpack.security.http.ssl.enabled: false
 xpack.security.authc.token.enabled: false
 xpack.security.authc.api_key.enabled: false
diff --git a/start.sh b/start.sh
index 5d676bb..067a5a2 100644
--- a/start.sh
+++ b/start.sh
@@ -342,6 +342,14 @@ start_elasticsearch() {
     # Command to start Elasticsearch
     ES_START_CMD="ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch"
     ES_START_CMD="$ES_START_CMD -E xpack.security.enabled=true -E bootstrap.password=$ELASTIC_PASSWORD"
+    # Add explicit settings for transport SSL
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.enabled=true"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.verification_mode=certificate"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.path=elastic-certificates.p12"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.path=elastic-certificates.p12"
+    # Add empty password for certificates (we created them without password)
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.keystore.secure_password=''"
+    ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.truststore.secure_password=''"
     ES_START_CMD="$ES_START_CMD -d -p /app/data/run/elasticsearch.pid"
     
     echo "Starting Elasticsearch..."
@@ -373,7 +381,7 @@ start_elasticsearch() {
     
     # Reset the elastic user password
     cd $ES_HOME
-    echo "y" | ES_JAVA_HOME=/app/data/jdk bin/elasticsearch-reset-password -u elastic -b -p "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true
+    echo "y" | ES_JAVA_HOME=/app/data/jdk bin/elasticsearch-reset-password -u elastic --password "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true
     
     # Create index template with the settings we removed from elasticsearch.yml
     echo "Applying index templates with settings removed from elasticsearch.yml..."