diff --git a/README.md b/README.md
index 40aa4b76e2a30ab756153b15227ec90e4baaeace..8b271bf3112e28c74a46d66c79e65c8877044c78 100644
--- a/README.md
+++ b/README.md
@@ -61,4 +61,7 @@ sidecar_cert_dir: "/etc/graylog/sidecar"
 
 # The time in days the client certificates will be valid
 cert_valid_days: 1095
+
+# The passphrase used for the CA file
+sidecar_ca_passphrase:
 ```
\ No newline at end of file
diff --git a/tasks/node-certs.yml b/tasks/node-certs.yml
index 462bb2137a8471aef59b56243e24125ac021a8a2..8e85604f0f24a05e15f09abd8781600a30f94992 100644
--- a/tasks/node-certs.yml
+++ b/tasks/node-certs.yml
@@ -1,9 +1,9 @@
 ---
 - name: Fail if 'sidecar-ca' host group is missing # noqa: run_once[task]
   ansible.builtin.fail:
-    msg: "Please add a host group 'sidecar-ca' with the host storing the CA file first"
+    msg: "Please add a host group 'sidecar-ca' with the host(s) storing the CA file first"
   run_once: true
-  when: "not ({{ groups['sidecar-ca'] is defined }})"
+  when: "not (groups['sidecar-ca'] is defined)"
 
 - name: Node Certificates | Create temporary directopry for certificates # noqa: run_once[task]
   ansible.builtin.file:
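Review bot: The rewritten `when` on the first task still only tests that the group is defined, so a declared but empty `sidecar-ca` group passes the guard and the play fails later at `groups['sidecar-ca'] | first` with a less helpful error. Consider `when: "groups['sidecar-ca'] | default([]) | length == 0"` so both cases reach the explanatory message. The new message says "host(s)", but the delegation in the later hunk uses only the first host of the group; a comment such as `# only the first host in 'sidecar-ca' is used as the CA source` would make that explicit. The second task in this hunk continues outside it.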
@@ -19,8 +19,8 @@
     dest: "{{ tmp_cert_dir }}/"
     flat: true
   with_items:
-    - "{{ gl_sidecar_ca_path }}/gl-sidecar.pem"
-    - "{{ gl_sidecar_ca_path }}/gl-sidecar.key"
+    - "{{ gl_sidecar_ca_path }}/sidecar-ca.pem"
+    - "{{ gl_sidecar_ca_path }}/sidecar-ca.key"
   delegate_to: "{{ groups['sidecar-ca'] | first }}"
   become: true
   run_once: true
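Review bot: The CA private key `sidecar-ca.key` is copied off the CA host into `tmp_cert_dir` by this task, and nothing in the visible lines restricts access to that copy or removes it afterwards. The task that creates the directory begins at the end of the previous hunk and its arguments are not shown, so please confirm it sets `mode: "0700"` and that a cleanup task deletes the directory even when signing fails (for example from an `always:` section). A comment above this task such as `# CA private key leaves the CA host here; tmp_cert_dir must be 0700 and removed afterwards` would record the requirement. This task starts outside the hunk.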
@@ -50,9 +50,9 @@
         path: "{{ tmp_cert_dir }}/sidecar-{{ inventory_hostname }}.pem"
         csr_content: "{{ node_csr.csr }}"
         provider: ownca
-        ownca_path: "{{ tmp_cert_dir }}/gl-sidecar.pem"
-        ownca_privatekey_path: "{{ tmp_cert_dir }}/gl-sidecar.key"
-        ownca_privatekey_passphrase: "{{ ca_passphrase }}"
+        ownca_path: "{{ tmp_cert_dir }}/sidecar-ca.pem"
+        ownca_privatekey_path: "{{ tmp_cert_dir }}/sidecar-ca.key"
+        ownca_privatekey_passphrase: "{{ sidecar_ca_passphrase }}"
         ownca_not_after: "+{{ cert_valid_days }}d"
         ownca_not_before: "-1d"  # valid since yesterday
 
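Review bot: `ownca_privatekey_passphrase` now reads `sidecar_ca_passphrase`, which the README hunk documents with an empty value, and nothing visible here checks that it is set before signing. Inventories that still define the old `ca_passphrase` will fail at this task with either an undefined-variable error or a key-decryption error, depending on whether the role defaults define the new name (not visible in this diff). If the CA key is always encrypted, an early assert with a clear message, as sketched below, would fail faster, and the README entry could state that the value should come from Ansible Vault rather than plain inventory. The enclosing block starts and ends outside the hunk.

```yaml
# new task, placed before the block that signs the node certificates
- name: Node Certificates | Require CA passphrase  # noqa: run_once[task]
  ansible.builtin.assert:
    that:
      - sidecar_ca_passphrase | default('', true) | length > 0
    fail_msg: "Set sidecar_ca_passphrase (preferably from Ansible Vault) before running this role"
  run_once: true

# … unchanged: CSR generation and the x509_certificate arguments …
```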
@@ -61,10 +61,10 @@
   block:
     - name: Node Certificates | Copy Node certificates
       ansible.builtin.copy:
-        src: "{{ tmp_cert_dir }}/{{ item }}"
+        src: "{{ tmp_cert_dir }}/{{ item.file }}"
         dest: "{{ sidecar_cert_dir }}"
-        mode: 0600
+        mode: "{{ item.mode }}"
       with_items:
-        - "sidecar-{{ inventory_hostname }}.key"
-        - "sidecar-{{ inventory_hostname }}.pem"
-        - "gl-sidecar.pem"
\ No newline at end of file
+        - { file: "sidecar-{{ inventory_hostname }}.key", mode: "0600" }
+        - { file: "sidecar-{{ inventory_hostname }}.pem", mode: "0644" }
+        - { file: "sidecar-ca.pem", mode: "0644" }
\ No newline at end of file
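Review bot: `dest: "{{ sidecar_cert_dir }}"` has no trailing slash, so if the directory does not already exist on the node the copy module would treat the path as a file name and the three loop items would overwrite one another, leaving whichever mode came last. Whether an earlier task creates the directory is not visible in this diff; writing `dest: "{{ sidecar_cert_dir }}/"`, as the earlier `flat: true` task does for `tmp_cert_dir`, removes that dependency. The quoted per-item modes are a good change, and the flow mappings under `with_items` could be written as block-style `loop:` entries for readability. The enclosing block starts outside the hunk.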