diff --git a/tasks/add_tls_cert.yml b/tasks/add_tls_cert.yml
index 42f783f11950a0a15ba2b8e8ed0c851d98e12af9..edc2c40416ebf80ec4e3dcea18f6a6d6c7ee269b 100644
--- a/tasks/add_tls_cert.yml
+++ b/tasks/add_tls_cert.yml
@@ -19,9 +19,9 @@
   when: ansible_os_family == 'Debian'
   copy:
     src: '{{ item }}'
-    dest: '/usr/local/share/ca-certificates/{{ item|basename }}.crt'
+    dest: '{{ cert_dir[ansible_os_family] }}/{{ item|basename }}.crt'
     owner: root
-    group: root
+    group: '{{ root_group[ansible_os_family] }}'
     mode: '0644'
   notify:
   - Update CA store
diff --git a/tasks/tls_cert_OpenBSD.yml b/tasks/tls_cert_OpenBSD.yml
index e2b568190c3263f067e231ce07843d63765e0bea..9f07913f0268e595241cc7b04a13f6921784588c 100644
--- a/tasks/tls_cert_OpenBSD.yml
+++ b/tasks/tls_cert_OpenBSD.yml
@@ -56,7 +56,6 @@
         -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
         -days 3650
         -subj "/CN={{ ansible_fqdn }}"
-  register: tls_gen_snakeoil_cert
 
 - name: Set TLS key and certificate
   set_fact:
diff --git a/vars/main.yml b/vars/main.yml
index a4b91f636334a432d0fe84d153dc7d57e98d7e06..853fa99b114ce523fe813789fd0aded010333ed4 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -41,3 +41,9 @@ ca_store:
 ssh_daemon:
     OpenBSD: sshd
     Debian: ssh
+root_group:
+    OpenBSD: wheel
+    Debian: root
+cert_dir:
+    OpenBSD: /etc/ssl/certs
+    Debian: /usr/local/share/ca-certificates