diff --git a/playbookconfig/src/playbooks/roles/common/generate-platform-certificates-template/tasks/main.yml b/playbookconfig/src/playbooks/roles/common/generate-platform-certificates-template/tasks/main.yml index 8c09fa092..466021474 100644 --- a/playbookconfig/src/playbooks/roles/common/generate-platform-certificates-template/tasks/main.yml +++ b/playbookconfig/src/playbooks/roles/common/generate-platform-certificates-template/tasks/main.yml @@ -1,6 +1,6 @@ --- # -# Copyright (c) 2022 Wind River Systems, Inc. +# Copyright (c) 2022-2023 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -74,3 +74,5 @@ template: src: platform_certificates.yml.j2 dest: "{{ destination }}" + mode: '0640' + become: yes diff --git a/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/main.yml b/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/main.yml index 1ad7cbf91..8591e5cd8 100644 --- a/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/main.yml +++ b/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/main.yml @@ -1,6 +1,6 @@ --- # -# Copyright (c) 2021-2022 Wind River Systems, Inc. +# Copyright (c) 2021-2023 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -59,10 +59,10 @@ include_role: name: common/generate-platform-certificates-template vars: - destination: /tmp/platform_certificates.yaml + destination: "{{ cert_manager_spec_file }}" - name: Apply kubernetes yaml to create cert-manager clusterissuer and certificates - command: kubectl apply -f /tmp/platform_certificates.yaml + command: kubectl apply -f "{{ cert_manager_spec_file }}" environment: KUBECONFIG: /etc/kubernetes/admin.conf register: create_k8_apply_ep 
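Review bot: The template task in generate-platform-certificates-template now sets `mode: '0640'` but not `owner` or `group`, so who can read the rendered certificate spec still depends on what already exists at `{{ destination }}`. As far as I know, Ansible keeps an existing destination's ownership when it replaces the file, so a file created there earlier by another local account would stay owned by that account and readable by it despite the 0640 mode; please confirm on the Ansible version in use. Adding `owner: root` and `group: root` beside `mode` pins this. `become: yes` would read better as `become: true`, the spelling yamllint's truthy rule accepts. The task begins above the hunk, so its name and any conditions are not visible here.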
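Review bot: In the `@@ -59,10 +59,10 @@` hunk of migrate-certificates/tasks/main.yml, the kubectl call interpolates the variable into a free-form `command:` string and relies on embedded double quotes to keep the path as one argument. The list form avoids any dependence on how the value is split: `argv: ['kubectl', 'apply', '-f', '{{ cert_manager_spec_file }}']` under `command:`. This is a style point only, since the current value contains no whitespace.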
@@ -70,6 +70,12 @@ retries: 10 delay: 30 + - name: Delete kubernetes yaml with certificate spec + file: + path: "{{ cert_manager_spec_file }}" + state: absent + become: yes + - name: Force certificate renewals include_tasks: delete-kubernetes-objects.yml with_items: diff --git a/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/vars/main.yaml b/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/vars/main.yaml new file mode 100644 index 000000000..e88a86dfe --- /dev/null +++ b/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/vars/main.yaml @@ -0,0 +1,2 @@ +--- +cert_manager_spec_file: /tmp/platform_certificates.yaml
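Review bot: The new "Delete kubernetes yaml with certificate spec" task is only reached when the preceding `kubectl apply` task succeeds. If that task exhausts its retries (`retries: 10`, `delay: 30` in the context lines), the play stops and the rendered spec stays on disk at `{{ cert_manager_spec_file }}`. Wrapping the generate and apply tasks in a `block:` and moving the `file: state: absent` task under `always:` would remove the file on both paths. The apply task starts outside this hunk, so any failure handling it already has is not visible here; `become: yes` is better written `become: true`.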
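Review bot: `cert_manager_spec_file: /tmp/platform_certificates.yaml` in the new vars/main.yaml keeps the spec at a fixed, predictable name in a world-writable directory, so the path can already exist with unexpected ownership or content before the play writes to it. Creating the file with the `tempfile` module and registering its path, or pointing the variable at a directory only root can write, removes that dependency on `/tmp`. If deployments are meant to be able to relocate the file, `defaults/main.yml` is the better home, because role `vars` take precedence over inventory variables. A comment such as `# Rendered cert-manager spec; removed after kubectl apply` above the variable would record that the file is transient.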