diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
index da63d003c..2a685b503 100644
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -524,15 +524,17 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 
 	if (!ticket.IsEmpty()) {
 		String ticketPath = ApiListener::GetCertsDir() + "/ticket";
+		AtomicFile af (ticketPath, 0600);
 
-		AtomicFile::Write(ticketPath, 0600, ticket);
-
-		if (!Utility::SetFileOwnership(ticketPath, user, group)) {
+		if (!Utility::SetFileOwnership(af.GetTempFilename(), user, group)) {
 			Log(LogWarning, "cli")
 				<< "Cannot set ownership for user '" << user
 				<< "' group '" << group
 				<< "' on file '" << ticketPath << "'. Verify it yourself!";
 		}
+
+		af << ticket;
+		af.Commit();
 	}
 
 	/* If no parent connection was made, the user must supply the ca.crt before restarting Icinga 2.*/
diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp
index 1f7d33578..3a3cd42bd 100644
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -553,15 +553,17 @@ wizard_global_zone_loop_start:
 
 	if (!ticket.IsEmpty()) {
 		String ticketPath = ApiListener::GetCertsDir() + "/ticket";
+		AtomicFile af (ticketPath, 0600);
 
-		AtomicFile::Write(ticketPath, 0600, ticket);
-
-		if (!Utility::SetFileOwnership(ticketPath, user, group)) {
+		if (!Utility::SetFileOwnership(af.GetTempFilename(), user, group)) {
 			Log(LogWarning, "cli")
 				<< "Cannot set ownership for user '" << user
 				<< "' group '" << group
 				<< "' on file '" << ticketPath << "'. Verify it yourself!";
 		}
+
+		af << ticket;
+		af.Commit();
 	}
 
 	/* If no parent connection was made, the user must supply the ca.crt before restarting Icinga 2.*/