Permissions on my katello server look slightly different:
# ls -laZ /etc/pki/katello/private/
drwxr-x---. root foreman system_u:object_r:cert_t:s0 .
drwxr-xr-x. root foreman system_u:object_r:cert_t:s0 ..
-rw-r--r--. root root system_u:object_r:cert_t:s0 foreman.example.com-foreman-proxy-client-bundle.pem
-r--r-----. root qpidd system_u:object_r:cert_t:s0 foreman.example.com-qpid-broker.key
-r--------. root root unconfined_u:object_r:cert_t:s0 java-client.key
-r--r-----. root foreman system_u:object_r:cert_t:s0 katello-apache.key
-r--r-----. root foreman system_u:object_r:cert_t:s0 katello-default-ca.key
-r--------. root root system_u:object_r:cert_t:s0 katello-default-ca.pwd
-r--------. root root unconfined_u:object_r:cert_t:s0 katello-tomcat.key
-r--r-----. root foreman system_u:object_r:cert_t:s0 pulp-client.key