diff --git a/defaults/main.yml b/defaults/main.yml
index 6d801af..52b1ab3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -43,8 +43,6 @@ unifi_open_ports:
 state: present
 unifi_tls_deploment_enabled: False
-unifi_tls_pkcs12_path: /tmp/unifi.p12
 unifi_tls_pkcs12_passphrase: temppass
 unifi_tls_cert_path: /etc/pki/tls/certs/cert.pem
 unifi_tls_key_path: /etc/pki/tls/private/key.pem
-unifi_tls_lookup_user: "{{ ansible_user_dir }}"
diff --git a/tasks/certificates.yml b/tasks/certificates.yml
index 042aa03..ed06f30 100644
--- a/tasks/certificates.yml
+++ b/tasks/certificates.yml
@@ -1,15 +1,55 @@
 ---
+- name: Copy tls cert and key
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - "{ src: {{ unifi_tls_key_path }}, dest: '/etc/pki/tls/private/unifi.pem' ,mode: '0600' }"
+ - "{ src: {{ unifi_tls_cert_path }}, dest: '/etc/pki/tls/certs/unifi.pem',mode: '0750' }"
+ register: __unifi_certs
+ become: True
+ become_user: root
+
 - block:
- - name: Setup temp. openssl pkcs12 keystore
+ - set_fact:
+ __unifi_pkcs12_path: /tmp/unifi.p12
+ __unifi_keystore_path: "{{ unifi_base_dir }}/{{ unifi_version }}//UniFi/data/keystore"
+
+ - name: Create temp openssl pkcs12 keystore at '{{ __unifi_pkcs12_path }}'
 openssl_pkcs12:
- path: "{{ unifi_tls_pkcs12_path }}"
+ path: "{{ __unifi_pkcs12_path }}"
 friendly_name: ubnt
- privatekey_path: "{{ unifi_tls_key_path }}"
- cert_path: "{{ unifi_tls_cert_path }}"
+ privatekey_path: /etc/pki/tls/private/unifi.pem
+ cert_path: /etc/pki/tls/certs/unifi.pem
 passphrase: "{{ unifi_tls_pkcs12_passphrase }}"
 state: present
- force: True
- delegate_to: localhost
- changed_when: False
+
+ - name: Delete current keystore file
+ file:
+ path: "{{ __unifi_keystore_path }}"
+ state: absent
+
+ - name: Create java keystore at '{{ __unifi_keystore_path }}'
+ pkcs12_path: "/tmp/importkeystore.p12"
+ cert_alias: ubnt
+ keystore_path: "{{ __unifi_keystore_path }}"
+ keystore_pass: aircontrolenterprise
+ keystore_create: yes
+ state: present
+ notify: __unifi_restart
+
+ - name: Adjust keystore filesystem permissions
+ file:
+ path: "{{ __unifi_keystore_path }}"
+ owner: "{{ unifi_user }}"
+ group: "{{ unifi_group }}"
+ mode: 0600
+
+ - name: Remove '{{ __unifi_pkcs12_path }}'
+ file:
+ path: "{{ __unifi_pkcs12_path }}"
+ state: absent
 become: True
- become_user: "{{ unifi_tls_lookup_user }}"
+ become_user: root
+ when: __unifi_certs.changed
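Review bot: The `Create java keystore` task has no module key — `pkcs12_path`, `cert_alias`, `keystore_pass` and the rest sit directly under the task, so the play should fail to parse, and the `pkcs12_path` it names, `/tmp/importkeystore.p12`, is not the file the preceding `openssl_pkcs12` task writes to `__unifi_pkcs12_path` (`/tmp/unifi.p12`). Nest the parameters under `java_cert:` and point them at the same fact, `pkcs12_path: "{{ __unifi_pkcs12_path }}"`. The temporary PKCS#12 carries the private key and is removed only by the last task in the block, so any failure in the keystore tasks leaves it behind in `/tmp`; moving the removal into an `always:` section of the block and giving the `openssl_pkcs12` task `mode: "0600"` closes that window. Smaller points: the certificate copy gets `mode: '0750'` where a non-executable `'0644'` is the usual choice, the keystore `mode: 0600` is an unquoted octal that should be `"0600"`, and `__unifi_keystore_path` contains a doubled slash (`//UniFi`). The `with_items` entries are Jinja-templated strings that rely on being re-parsed into dicts; writing them as native mappings (`- { src: "{{ unifi_tls_key_path }}", dest: "/etc/pki/tls/private/unifi.pem", mode: "0600" }`) is clearer and avoids that evaluation step.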