SSL certificates cause server start failure
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mumble (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
After installing a server digital certificate from a public certicate authority (CA) into the preferred server-wide location for such files:
# ls -l /etc/ssl/
-r--r--r-- 1 root root 1948 2012-06-25 01:15 /etc/ssl/
-rw-r----- 1 root root 1679 2012-06-25 01:10 /etc/ssl/
the mumble-server fails to start, reporting:
# service mumble-server start
<W>2012-06-25 01:51:20.111 Initializing settings from /etc/mumble-
<C>2012-06-25 01:51:20.113 Failed to read /etc/ssl/
<F>2012-06-25 01:51:20.113 No private key found in certificate or key file.
This is caused by the service start-up script '/etc/init.
The daemon drops privileges itself to the user ID configured in '/etc/mumble-
uname=mumble-server
The workaround is to add the following to the end of '/etc/defaults/
# If the server is using SSL certificates installed in a root-only location such as
# /etc/ssl/certs/ and etc/ssl/private/ then the daemon must start as root in order
# to read these files - especially to read the key.
# the daemon drops privileges itself later based on the /etc/mumble-
USER=root
Status changed to 'Confirmed' because the bug affects multiple users.