diff --git a/defaults/main.yml b/defaults/main.yml
index b2a35f4e..bbca845d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -295,33 +295,33 @@ keystone_pki_install_certificates: # Apache certificates - src: "{{ keystone_user_ssl_cert | default(keystone_pki_certs_path ~ 'keystone_' ~ ansible_facts['hostname'] ~ '.crt') }}" dest: "{{ keystone_ssl_cert }}" - owner: "keystone_system_user_name" - group: "keystone_system_group_name" + owner: "{{ keystone_system_user_name }}" + group: "{{ keystone_system_group_name }}" mode: "0644" condition: "{{ keystone_ssl }}" - src: "{{ keystone_user_ssl_key | default(keystone_pki_keys_path ~ 'keystone_' ~ ansible_facts['hostname'] ~ '.key.pem') }}" dest: "{{ keystone_ssl_key }}" - owner: "keystone_system_user_name" - group: "keystone_system_group_name" + owner: "{{ keystone_system_user_name }}" + group: "{{ keystone_system_group_name }}" mode: "0600" condition: "{{ keystone_ssl }}" - src: "{{ keystone_user_ssl_ca_cert | default(keystone_pki_intermediate_cert_path) }}" dest: "{{ keystone_ssl_ca_cert }}" - owner: "keystone_system_user_name" - group: "keystone_system_group_name" + owner: "{{ keystone_system_user_name }}" + group: "{{ keystone_system_group_name }}" mode: "0644" condition: "{{ keystone_ssl }}" # IDP certificates - src: "{{ keystone_pki_dir ~ '/roots/' ~ keystone_idp_authority_name ~ '/certs/' ~ keystone_idp_authority_name ~ '.crt' }}" - dest: "{{ keystone_idp['certfile'] }}" - owner: "keystone_system_user_name" + dest: "{{ keystone_idp['certfile'] | default('') }}" + owner: "{{ keystone_system_user_name }}" group: "keystone_system_group_name" mode: "0640" condition: "{{ keystone_idp['certfile'] is defined | bool }}" - src: "{{ keystone_pki_dir ~ '/roots/' ~ keystone_idp_authority_name ~ '/private/' ~ keystone_idp_authority_name ~ '.key.pem' }}" - dest: "{{ keystone_idp['keyfile'] }}" - owner: "keystone_system_user_name" - group: "keystone_system_group_name" + dest: "{{ keystone_idp['keyfile'] | default('') }}" + owner: "{{ keystone_system_user_name }}" + group: "{{ keystone_system_group_name }}" mode: "0640" condition: "{{ 
keystone_idp['keyfile'] is defined | bool }}"
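Review bot: The first IDP certificate entry (the one whose dest is `keystone_idp['certfile']`) still carries the literal `group: "keystone_system_group_name"` on the new side; only its owner was converted, so the fix is incomplete for that entry. It should read `group: "{{ keystone_system_group_name }}"`, like the other four entries. Because that file is installed with mode "0640", the group is what decides who besides the owner can read it, and a literal name that presumably matches no real group would either fail the install task or leave group ownership unintended, depending on how the consuming task resolves it. Separately, the new `default('')` on both IDP `dest` values yields an empty destination path whenever the key is undefined, so these entries are only safe if the consumer honours `condition` before touching `dest`; a short comment saying so above `# IDP certificates` would help.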