diff --git a/rust/agama-server/src/cert.rs b/rust/agama-server/src/cert.rs
index 17e2d2e8c6..e5ad924bd0 100644
--- a/rust/agama-server/src/cert.rs
+++ b/rust/agama-server/src/cert.rs
@@ -27,16 +27,20 @@ use openssl::x509::{X509NameBuilder, X509};
 //     pub write(...)
 // }
 
-const DEFAULT_CERT_FILE: &str = "/run/agama/cert.pem";
-const DEFAULT_KEY_FILE: &str = "/run/agama/key.pem";
+const DEFAULT_CERT_DIR: &str = "/run/agama/ssl";
 
 /// Writes the certificate and the key to the well known location
 pub fn write_certificate(cert: X509, key: PKey<Private>) -> anyhow::Result<()> {
+    // check and create default dir if needed
+    if ! Path::new(DEFAULT_CERT_DIR).is_dir() {
+        std::fs::create_dir_all(DEFAULT_CERT_DIR)?;
+    }
+
     if let Ok(bytes) = cert.to_pem() {
-        fs::write(Path::new(DEFAULT_CERT_FILE), bytes)?;
+        fs::write(Path::new(DEFAULT_CERT_DIR).join("cert.pem"), bytes)?;
     }
     if let Ok(bytes) = key.public_key_to_pem() {
-        fs::write(Path::new(DEFAULT_KEY_FILE), bytes)?;
+        fs::write(Path::new(DEFAULT_CERT_DIR).join("key.pem"), bytes)?;
     }
 
     Ok(())