diff --git a/pkg/certificate/service.go b/pkg/certificate/service.go
index ffa0c82d..2b5f3e4a 100644
--- a/pkg/certificate/service.go
+++ b/pkg/certificate/service.go
@@ -209,6 +209,10 @@ func New(ctx context.Context, idCfg *config.IdentityConfig) (daemon.Daemon, erro
 }
 run := func() error {
+if err := idCfg.ValidateCertFilePath(); err != nil {
+return err
+}
+
 if idCfg.ServiceCert.CopperArgos.Use {
 log.Infof("Attempting to request x509 certificate to identity provider[%s]...", idCfg.ServiceCert.CopperArgos.Provider)
diff --git a/pkg/config/validate-file-path.go b/pkg/config/validate-file-path.go
new file mode 100644
index 00000000..64351782
--- /dev/null
+++ b/pkg/config/validate-file-path.go
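Review bot: The new `idCfg.ValidateCertFilePath()` call at the top of `run` checks the CopperArgos cert/key paths and `CaCertFile` whether or not `idCfg.ServiceCert.CopperArgos.Use` is set (the validator's only early return is on `LocalCert.Use`), so if a configuration that enables neither mode is valid, `run` now fails over paths the daemon never writes. Gating the call on the condition the very next line already tests, `if idCfg.ServiceCert.CopperArgos.Use { if err := idCfg.ValidateCertFilePath(); err != nil { return err } ... }`, or moving that condition into `ValidateCertFilePath` itself, keeps the precheck aligned with what is actually written. Because the call sits inside the `run` closure it is also re-executed on every run rather than once at construction; if that is intended so that a later permission fix lets the daemon recover without a restart, a comment saying so would help, otherwise it belongs before `run := func() error {`. Both the `run` closure and `New` continue outside the hunk.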
@@ -0,0 +1,69 @@
+// Copyright 2023 LY Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+"fmt"
+"os"
+"path/filepath"
+
+"golang.org/x/sys/unix"
+)
+
+func validFilePath(file_path string) error {
+dir_path := filepath.Dir(file_path)
+var target_path string
+_, file_err := os.Stat(file_path)
+_, dir_err := os.Stat(dir_path)
+
+if file_err == nil {
+// validate file path
+target_path = file_path
+} else if os.IsNotExist(file_err) && dir_err == nil {
+// validate dir path
+target_path = dir_path
+} else {
+return fmt.Errorf("file path not exist: %w, %w", file_err, dir_err)
+}
+
+err := unix.Access(target_path, unix.W_OK)
+if err != nil {
+return fmt.Errorf("file permission error: %w", err)
+}
+
+return nil
+}
+
+// Verify that the certificate file paths are in writable locations
+func (idCfg *IdentityConfig) ValidateCertFilePath() error {
+// When idCfg.ServiceCert.LocalCert.Use is true, skip file writing and return early
+if idCfg.ServiceCert.LocalCert.Use {
+return nil
+}
+
+for _, certFile := range idCfg.ServiceCert.CopperArgos.Cert.Paths {
+err := validFilePath(certFile)
+if err != nil {
+return err
+}
+}
+for _, keyFile := range idCfg.ServiceCert.CopperArgos.Key.Paths {
+err := validFilePath(keyFile)
+if err != nil {
+return err
+}
+}
+return validFilePath(idCfg.CaCertFile)
+}
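Review bot: `validFilePath` silently treats an empty path as the current working directory: `filepath.Dir("")` yields `"."`, `os.Stat("")` fails with not-exist, so the function ends up calling `unix.Access(".", unix.W_OK)`; since `ValidateCertFilePath` passes `idCfg.CaCertFile` (and every entry of the Cert/Key path slices) unconditionally, an unset path is accepted or rejected based on cwd permissions rather than on the config. Adding `if file_path == "" { return nil }` at the top of `validFilePath` (or returning an explicit error if an empty path is never valid here) makes that decision deliberate. `unix.Access` is a real-uid, point-in-time check that can disagree with the later write — under setuid/capability differences, when the existing target is a directory or a symlink, or if permissions change in between — so a comment such as `// fail-fast for misconfiguration only; the write itself must still handle errors` would stop readers from treating it as a guarantee. The `"file path not exist"` message on the final `else` is also returned for non-ENOENT stat failures such as permission denied on the parent, so a neutral prefix like `"cannot stat file path: %w, %w"` is more accurate (note the double `%w` requires Go 1.20+). Minor style: `file_path`/`dir_path`/`target_path` should be camelCase per Go convention, and the new dependency on `golang.org/x/sys/unix` without a build constraint makes the config package unix-only, which is fine if the daemon is.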