diff --git a/client/gatehouse-cli.py b/client/gatehouse-cli.py
index 97c4505..2bf5ad2 100755
--- a/client/gatehouse-cli.py
+++ b/client/gatehouse-cli.py
@@ -369,6 +369,7 @@ def request_certificate(org_id=None):
 json_result = response.json().get('data', response.json())
 with open(CERT_FILE_PATH, 'w') as f:
 f.write(json_result['certificate'])
+ os.chmod(CERT_FILE_PATH, 0o600)
 logger.info(f"Certificate signed successfully, located at {CERT_FILE_PATH}")
 logger.info(f"Valid for principals: {', '.join(json_result.get('principals', principals))}")
@@ -432,11 +433,13 @@ def generate_and_sign_challenge(ssh_key_file, key_id):
 with open(CHALLENGE_FILE_PATH, 'w') as f:
 f.write(challenge_text)
+ os.chmod(CHALLENGE_FILE_PATH, 0o600)
 subprocess.run(
 ["ssh-keygen", "-Y", "sign", "-f", ssh_key_file, "-n", "file", CHALLENGE_FILE_PATH],
 check=True,
 )
+ os.chmod(CHALLENGE_SIG_FILE_PATH, 0o600)
 with open(CHALLENGE_SIG_FILE_PATH, 'rb') as f:
 signature = base64.b64encode(f.read()).decode('utf-8')
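Review bot: The added `os.chmod(CERT_FILE_PATH, 0o600)` runs only after `open(CERT_FILE_PATH, 'w')` has created and written the file, so between creation and the chmod the certificate sits on disk with whatever mode the process umask allows. Creating it private from the start closes that window: `fd = os.open(CERT_FILE_PATH, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`. The mode argument applies only when the file is newly created, so a file left over from an earlier run keeps its old mode unless `os.fchmod(f.fileno(), 0o600)` is also called inside the `with`. The same write-then-chmod pattern is added for `CHALLENGE_FILE_PATH` in the second hunk. request_certificate starts and ends outside this hunk.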
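Review bot: `os.chmod(CHALLENGE_SIG_FILE_PATH, 0o600)` tightens the signature file only after ssh-keygen has created and written it, so until `subprocess.run` returns the file's mode is whatever the inherited umask produces. If the client targets Python 3.9 or later, passing `umask=0o077` to that `subprocess.run(...)` call makes the child create the file private, and the chmod can stay as a fallback for a signature file that already existed. Whether the challenge and signature files are removed once the signature has been read is not visible here, since generate_and_sign_challenge continues past the end of the hunk.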