diff --git a/entrypoint.sh b/entrypoint.sh
index 3d709e6..cceab51 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -56,6 +56,17 @@ socket = ${MYSQL_SOCKET}
 EOF
 chmod 600 "${CONFIG_DIR}/exporter.cnf"
+ # Set up SSL and CA trust directories with proper permissions
+ mkdir -p "${MYSQL_SSL_DIR}" "${MYSQL_SSL_TRUST_DIR}"
+ chown -R mysql:mysql "${MYSQL_SSL_DIR}" "${MYSQL_SSL_TRUST_DIR}"
+ chmod 750 "${MYSQL_SSL_DIR}" "${MYSQL_SSL_TRUST_DIR}"
+
+ # Ensure state directory structure exists with proper permissions
+ mkdir -p "${STATE_DIR}/ca-trust"
+ chown -R mysql:mysql "${STATE_DIR}"
+ chmod 750 "${STATE_DIR}"
+ chmod 700 "${STATE_DIR}/ca-trust"
+
 # Set proper permissions
 chown -R mysql:mysql $DATA_ROOT $RUN_DIR $LOG_DIR $CONFIG_DIR
 chmod 750 $DATA_ROOT $DATA_DIR
diff --git a/lib/mysql-startup.sh b/lib/mysql-startup.sh
index 1e541c2..562ef71 100644
--- a/lib/mysql-startup.sh
+++ b/lib/mysql-startup.sh
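Review bot: The CA trust directory ends up owned by mysql with mode 750 (`chown -R mysql:mysql "${MYSQL_SSL_DIR}" "${MYSQL_SSL_TRUST_DIR}"`, then `chmod 750 …`), so the database service account can write to its own trust store. The init_ca_trust hunk in lib/mysql-startup.sh drops the `chmod -R 500` that used to lock the directory after it was populated, and nothing visible replaces it. If init_ca_trust runs as root, `chown root:mysql "${MYSQL_SSL_TRUST_DIR}"` with `chmod 750` would keep the trust anchors readable but not writable by the service; if it runs as mysql, a read-only mode should be re-applied once the hash links exist. The new mkdir/chown/chmod calls are unchecked, and whether `set -e` is in effect is not visible from this hunk.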
@@ -221,25 +221,30 @@ init_ca_trust() {
 return 1
 fi
- # Create and clean CA trust directory
- mkdir -p "${MYSQL_SSL_TRUST_DIR}"
- rm -f "${MYSQL_SSL_TRUST_DIR}"/*
+ # Create CA trust directory if it doesn't exist
+ if [ ! -d "${MYSQL_SSL_TRUST_DIR}" ]; then
+ log_error "CA trust directory ${MYSQL_SSL_TRUST_DIR} does not exist"
+ return 1
+ fi
+
+ # Clean directory with proper error handling
+ find "${MYSQL_SSL_TRUST_DIR}" -type f -delete 2>/dev/null || {
+ log_warn "Failed to clean CA trust directory, continuing anyway"
+ }
 # Copy our CA certificate
- cp "${MYSQL_SSL_CA}" "${MYSQL_SSL_TRUST_DIR}/" || {
+ if ! cp "${MYSQL_SSL_CA}" "${MYSQL_SSL_TRUST_DIR}/"; then
 log_error "Failed to copy CA certificate to trust directory"
 return 1
- }
+ fi
 # Create hash symlinks
- c_rehash "${MYSQL_SSL_TRUST_DIR}" || {
+ if ! c_rehash "${MYSQL_SSL_TRUST_DIR}" 2>/dev/null; then
 log_error "Failed to create certificate hash links"
 return 1
- }
-
- # Set proper permissions
- chown -R mysql:mysql "${MYSQL_SSL_TRUST_DIR}"
- chmod -R 500 "${MYSQL_SSL_TRUST_DIR}"
+ fi
+
+ return 0
 }
 # Generate SSL certificates if needed
@@ -507,4 +512,4 @@ start_mysql() {
 fi
 return 0
-}
+}/check
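Review bot: A failed clean is downgraded to a warning (`find … -delete 2>/dev/null || { log_warn … }`), so any certificate left in `${MYSQL_SSL_TRUST_DIR}` is picked up by the following `c_rehash` and stays trusted; for a trust store this step should fail closed, with `log_error "Failed to clean CA trust directory"; return 1` in the `||` branch. `find` also descends into subdirectories and skips symlinks, unlike the old `rm -f "${MYSQL_SSL_TRUST_DIR}"/*`; adding `-mindepth 1 -maxdepth 1 \( -type f -o -type l \)` would keep the previous scope. The comment `# Create CA trust directory if it doesn't exist` no longer matches the code, which now returns 1 when the directory is missing, and `2>/dev/null` on `c_rehash` discards the reason for a failure that is then logged only generically. init_ca_trust begins above this hunk.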
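Review bot: The closing line of start_mysql is now `}/check`, which bash reads as an ordinary word rather than the `}` that ends the function body, so sourcing lib/mysql-startup.sh would likely stop with a syntax error at end of file. The trailing `/check` looks accidental, and the line should stay `}`. start_mysql's body begins outside the hunk.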