diff --git a/roles/pki/tasks/main.yml b/roles/pki/tasks/main.yml
index 7c2523b..0021280 100644
--- a/roles/pki/tasks/main.yml
+++ b/roles/pki/tasks/main.yml
@@ -3,23 +3,23 @@
 - name: copy ca certificate
   copy:
     src: "/srv/ca/certs/ca.crt"
-    dest: "/etc/pki/tls/certs/ca.crt"
+    dest: "{{ tls_certs }}/ca.crt"
     mode: 0644
     owner: root
-    group: root
+    group: "{{ ansible_wheel }}"
 
 - name: copy host certificate
   copy:
     src: "/srv/ca/certs/{{ inventory_hostname }}.crt"
-    dest: "/etc/pki/tls/certs/{{ inventory_hostname }}.crt"
+    dest: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
     mode: 0644
     owner: root
-    group: root
+    group: "{{ ansible_wheel }}"
 
 - name: copy host key
   copy:
     src: "/srv/ca/private/{{ inventory_hostname }}.key"
-    dest: "/etc/pki/tls/private/{{ inventory_hostname }}.key"
+    dest: "{{ tls_private }}/{{ inventory_hostname }}.key"
     mode: 0600
     owner: root
-    group: root
+    group: "{{ ansible_wheel }}"