diff --git a/systemd/step-ca.service b/systemd/step-ca.service
index 4b9975e7..1941a634 100644
--- a/systemd/step-ca.service
+++ b/systemd/step-ca.service
@@ -31,6 +31,7 @@ NoNewPrivileges=yes
 
 ; Sandboxing
 ProtectSystem=full
+ProtectHome=true
 RestrictNamespaces=true
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 PrivateTmp=true