diff --git a/templates/elasticsearch.yml.j2 b/templates/elasticsearch.yml.j2
index e1c226c..ccf6b11 100644
--- a/templates/elasticsearch.yml.j2
+++ b/templates/elasticsearch.yml.j2
@@ -38,27 +38,11 @@ action.auto_create_index: {{ es_action_auto_create_index }}
 {% if es_enable_xpack and es_api_basic_auth_username is defined and es_api_basic_auth_password is defined %}
 xpack.security.enabled: true
 
-{% if es_enable_http_ssl | bool %}
-xpack.security.http.ssl.enabled: true
-{% if es_ssl_keystore and es_ssl_truststore %}
-xpack.security.http.ssl.keystore.path: : "{{ es_ssl_certificate_path }}/{{ es_ssl_keystore | basename }}"
-xpack.security.http.ssl.truststore.path: "{{ es_ssl_certificate_path }}/{{ es_ssl_truststore | basename }}"
-{% elif es_ssl_key and  es_ssl_certificate%}
-xpack.security.http.ssl.key: "{{ es_ssl_certificate_path }}/{{ es_ssl_key | basename }}"
-xpack.security.http.ssl.certificate: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate | basename }}"
-{% if es_ssl_certificate_authority %}
-xpack.security.http.ssl.certificate_authorities: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}"
-{% endif %}
-{% endif %}
-{% else %}
-# xpack.security.http.ssl.enabled: false
-{% endif %}
-
 {% if es_enable_transport_ssl | bool %}
 xpack.security.transport.ssl.enabled: true
-xpack.security.transport.ssl.verification_mode: {{ es_ssl_verification_mode }}
+xpack.security.transport.ssl.verification_mode: "{{ es_ssl_verification_mode }}"
 {% if es_ssl_keystore and es_ssl_truststore %}
-xpack.security.transport.ssl.keystore.path: : "{{ es_ssl_certificate_path }}/{{ es_ssl_keystore | basename }}"
+xpack.security.transport.ssl.keystore.path: "{{ es_ssl_certificate_path }}/{{ es_ssl_keystore | basename }}"
 xpack.security.transport.ssl.truststore.path: "{{ es_ssl_certificate_path }}/{{ es_ssl_truststore | basename }}"
 {% elif es_ssl_key and  es_ssl_certificate%}
 xpack.security.transport.ssl.key: "{{ es_ssl_certificate_path }}/{{ es_ssl_key | basename }}"
@@ -70,6 +54,22 @@ xpack.security.transport.ssl.certificate_authorities: "{{ es_ssl_certificate_pat
 {% else %}
 # xpack.security.transport.ssl.enabled: false
 {% endif %}
+
+{% if es_enable_http_ssl | bool %}
+xpack.security.http.ssl.enabled: true
+{% if es_ssl_keystore and es_ssl_truststore %}
+xpack.security.http.ssl.keystore.path: "{{ es_ssl_certificate_path }}/{{ es_ssl_keystore | basename }}"
+xpack.security.http.ssl.truststore.path: "{{ es_ssl_certificate_path }}/{{ es_ssl_truststore | basename }}"
+{% elif es_ssl_key and  es_ssl_certificate%}
+xpack.security.http.ssl.key: "{{ es_ssl_certificate_path }}/{{ es_ssl_key | basename }}"
+xpack.security.http.ssl.certificate: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate | basename }}"
+{% if es_ssl_certificate_authority %}
+xpack.security.http.ssl.certificate_authorities: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}"
+{% endif %}
+{% endif %}
+{% else %}
+# xpack.security.http.ssl.enabled: false
+{% endif %}
 {% endif %}
 
 {% if es_mail_config is defined %}