diff --git a/roles/messaging/base/tasks/main.yml b/roles/messaging/base/tasks/main.yml
index a6c594d841..caf337ef0d 100644
--- a/roles/messaging/base/tasks/main.yml
+++ b/roles/messaging/base/tasks/main.yml
@@ -19,7 +19,7 @@
 - name: "copy fedora messaging key for {{ item.username }}"
   copy: src={{ private }}/files/rabbitmq/{{ env }}/pki/private/{{ item.key }}{% if env == 'staging' %}.stg{% endif %}.key
         dest=/etc/pki/rabbitmq/{{ item.username }}/{{ item.key }}.key
-        owner={{ item.username }} group=root mode={{ item.username }}
+        owner={{ item.username }} group=root mode=0600
   with_items: "{{ messaging.certificates }}"
   tags:
   - fedora-messaging
@@ -27,7 +27,7 @@
 - name: "copy fedora messaging certificate for {{ item.username }}"
   copy: src={{ private }}/files/rabbitmq/{{ env }}/pki/issued/{{ item.key }}{% if env == 'staging' %}.stg{% endif %}.crt
         dest=/etc/pki/rabbitmq/{{ item.username }}/{{ item.key }}.crt
-        owner={{ item.username }} group=root mode={{ item.username }}
+        owner={{ item.username }} group=root mode=0644
   with_items: "{{ messaging.certificates }}"
   tags:
   - fedora-messaging
@@ -35,7 +35,7 @@
 - name: "copy fedora messaging ca.crt for {{ item.username }} user"
   copy: src={{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt
         dest=/etc/pki/rabbitmq/{{ item.username }}/ca.crt
-        owner={{ item.username }} group=root mode={{ item.username }}
+        owner={{ item.username }} group=root mode=0644
   with_items: "{{ messaging.certificates }}"
   tags:
   - fedora-messaging