The issue was a combination of incorrect SSL certs, and also the way that I was trying to curl elastic on 9200.
Some things to keep in mind are understanding SSL certs, and then once it should be working, make sure to query elastic with https://fqdn:9200/ rather than http or localhost or the ip address. It is also worth noting the difference between xpack.security.transport and xpack.security.http settings, which is pretty clear in the documentation if you read thoroughly instead of skimming.
Still not sure how to get it working with your own CA, although I suspect I had it working but was querying elasticsearch incorrectly =0
For us it is easier / better to just use our normal certs anyway.
network.host: ["192.168.50.240", "10.229.50.240"]
discovery.zen.ping.unicast.hosts: ["elastic1int.domain.net", "elastic2int.domain.net"]
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]
Also worth noting it is a better practice to use 3 nodes instead of 2, but all I could afford at the time of making the cluster was 2 servers with 2x Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz and 64GB of RAM each, but so far, even when we add our netflow data they are able to handle a lot of data. Still, once I get my way we will be adding one more of these to the cluster, since with netflow data rolling in it puts both of these boxes at 60% CPU utilization on average.
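Why the URL form matters once the certificates are correct, as an added example that is not part of the original post: a verifying client compares the host in the URL with the certificate's subjectAltName entries, so `localhost` or a bare IP fails even when the chain is valid. The certificate contents (DNS entries for the two node FQDNs, no IP entries) and the function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
# The SAN entries are an assumption: DNS names only, no IP entries.
SAMPLE_CERT = {
    "subject": ((("commonName", "elastic1int.domain.net"),),),
    "subjectAltName": (
        ("DNS", "elastic1int.domain.net"),
        ("DNS", "elastic2int.domain.net"),
    ),
}


def _dns_match(pattern, host):
    """Exact match, or a single left-most '*' label as in RFC 6125."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def host_matches_cert(host, cert):
    """True if host is covered by the certificate's subjectAltName."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return any(k == "DNS" and _dns_match(v, host) for k, v in sans)
    # IP literals only match 'IP Address' SAN entries, never DNS ones.
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip
               for k, v in sans)


def check_url(url, cert):
    """Classify how a verifying client would treat this URL."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "no-tls"            # plain HTTP sent to a TLS-only port
    if not host_matches_cert(parts.hostname or "", cert):
        return "name-mismatch"     # chain may be fine, name is not
    return "ok"


if __name__ == "__main__":
    for u in ("https://elastic1int.domain.net:9200/",
              "https://localhost:9200/",
              "https://192.168.50.240:9200/",
              "http://elastic1int.domain.net:9200/"):
        print(f"{check_url(u, SAMPLE_CERT):14} {u}")
```

To run the same check against a live node, pass the dict from `getpeercert()` on a verified `ssl` connection in place of `SAMPLE_CERT`.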