You can't enable security without also enabling TLS for the transport layer. Also, while username and password is used for authenticating your client to Elasticsearch, but if you don't enable TLS for this communication channel, all data (including the passwords) are sent in plaintext from your client to elasticsearch and can be sniffed.
Is there any specific reason that you don't want to use TLS for client communication ?
Transport client doesn't communicate over http either way.
Is there any specific reason for using the transport client instead of the High Level Rest Client ? The transport client is deprecated in 7.0.0 and will be removed in 8.0.0.
That said, the errors you get above are because you have enabled TLS for the transport layer and you have tried to enable TLS in the transport client also, although unsuccessfully. I can see you have copied the configuration from Java Client and security | Elasticsearch Guide [7.1] | Elastic but you haven't shared with us how you have created the ca.crt Once you tell us a little more about what you want to achieve, we ca guide you better. For now, there are too many alternatives to know what to suggest solutions for.