diff --git a/ssl_mgmt/ssl_mgmt b/ssl_mgmt/ssl_mgmt
index a7da7e8..1153a9a 100755
--- a/ssl_mgmt/ssl_mgmt
+++ b/ssl_mgmt/ssl_mgmt
@@ -281,6 +281,7 @@ generate_cert ()
 		return 1
 	fi
 	getfacl "$keyPath" | setfacl --set-file=- $keySubdir/$keyFile
+	chown --reference="$keyPath" $keySubdir/$keyFile
 	if [ -z "$no_overwrite" ]
 	then
 		if [ ! -f "$keyDestDir/$keyFile" ]
@@ -294,6 +295,7 @@ generate_cert ()
 		-keyfile $CAKeyPath -passin file:$rootCAPwdPath \
 		-out $certSubdir/$certFile -infiles $csrSubdir/$reqFile
 	getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile
+	chown --reference="$certPath" $certSubdir/$certFile
 	if [ -z "$no_overwrite" ]
 	then
 		if [ ! -f "$certDestDir/$certFile" ]
@@ -314,6 +316,8 @@ EOF
 		mv $certSubdir/$certFile $certDestDir
 	fi
 	cat $keyDestDir/$keyFile $certDestDir/$certFile > $keyDestDir/$keycertFile
+	getfacl "$keyPath" | setfacl --set-file=- $keyDestDir/$keycertFile
+	chown --reference="$keyPath" $keyDestDir/$keycertFile
 	return 0
 }