diff --git a/roles/ispmail-certificate/tasks/main.yml b/roles/ispmail-certificate/tasks/main.yml
index df196e5..ae05a88 100644
--- a/roles/ispmail-certificate/tasks/main.yml
+++ b/roles/ispmail-certificate/tasks/main.yml
@@ -1,4 +1,6 @@
 ---
 - name: Create a self-signed certificate
 shell: openssl req -new -x509 -days 3650 -subj "/C=DE/ST=Hamburg/L=Hamburg/O=IT/CN={{ansible_fqdn}}" -nodes -sha256 -newkey rsa:4096 -out /etc/ssl/certs/mailserver.pem -keyout /etc/ssl/private/mailserver.pem -extensions v3_ca creates=/etc/ssl/certs/mailserver.pem
+- name: Restrict access permissions of the private key
+ file: path=/etc/ssl/private/mailserver.pem mode=0640
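Review bot: The added `file` task sets `mode=0640` but no owner or group, so the unencrypted key (`-nodes`) stays readable by whatever group the file happened to get when `openssl` created it. If the mail daemons open the key as root, `file: path=/etc/ssl/private/mailserver.pem owner=root group=root mode=0600` is the tighter setting; if a service account really needs group read, name that group explicitly instead of relying on the default. The key is also written under the default umask by the `shell` task and only tightened afterwards, so prefixing that command with `umask 077 &&` would close the window between the two tasks; the permissions on /etc/ssl/private may already limit this, which is not visible from the hunk.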