diff --git a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml
index 00a285d2..d5b784cf 100644
--- a/roles/opendistro/opendistro-kibana/tasks/security_actions.yml
+++ b/roles/opendistro/opendistro-kibana/tasks/security_actions.yml
@@ -6,6 +6,7 @@
 dest: /usr/share/kibana
 mode: 0644
 with_items:
+ - "root-ca.pem"
 - "{{ kibana_node_name }}_http.key"
 - "{{ kibana_node_name }}_http.pem"
 tags:
diff --git a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2
index e045ed1c..bc166988 100644
--- a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2
+++ b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2
@@ -14,10 +14,11 @@ server.host: {{ kibana_server_host }}
 elasticsearch.hosts: "https://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}"
 elasticsearch.username: {{ opendistro_kibana_user }}
 elasticsearch.password: {{ opendistro_kibana_password }}
-elasticsearch.ssl.verificationMode: certificate
 server.ssl.enabled: true
 server.ssl.certificate: "/usr/share/kibana/{{ kibana_node_name }}_http.pem"
 server.ssl.key: "/usr/share/kibana/{{ kibana_node_name }}_http.key"
+elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/root-ca.pem"]
+elasticsearch.ssl.verificationMode: full
 {% else %}
 elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}"
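Review bot: In roles/opendistro/opendistro-kibana/tasks/security_actions.yml the loop that now also copies `root-ca.pem` applies `mode: 0644` to every item, including `{{ kibana_node_name }}_http.key`, so the TLS private key is installed world-readable in /usr/share/kibana. That mode suits the CA and the certificate but not the key; since this commit edits the list, I would carry the mode per item, e.g. `- { file: "{{ kibana_node_name }}_http.key", mode: "0600" }` with `mode: "{{ item.mode }}"`, and set the owner to the account Kibana runs as. Quoting the mode also removes the octal ambiguity of the bare `0644`. The task's module name, `src` and any owner/group settings are above the hunk, so the current ownership cannot be confirmed from here.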
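Review bot: The new `elasticsearch.ssl.verificationMode: full` line in opendistro_kibana.yml.j2 has no comment explaining that, unlike `certificate`, it also checks the Elasticsearch certificate against the host in `elasticsearch.hosts`, which is rendered from `{{ elasticsearch_network_host }}`. If that variable holds an IP address or name that is not among the node certificate's subject alternative names, Kibana will refuse the connection after this change; whether the role's generated certificates include it is not visible in this hunk. I would add above the setting `# full = chain validated against root-ca.pem + hostname must match elasticsearch_network_host` and state the SAN requirement in the role's documentation. The `{% if %}` that opens this branch lies outside the hunk.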