SSL certificates cause server start failure

Bug #1017301 reported by TJ
This bug affects 2 people
Affects: mumble (Ubuntu) | Status: Confirmed | Importance: Undecided | Assigned to: Unassigned

Bug Description

After installing a server digital certificate from a public certificate authority (CA) into the preferred server-wide location for such files:

# ls -l /etc/ssl/certs/iam.tj.pem /etc/ssl/private/iam.tj.key
-r--r--r-- 1 root root 1948 2012-06-25 01:15 /etc/ssl/certs/iam.tj.pem
-rw-r----- 1 root root 1679 2012-06-25 01:10 /etc/ssl/private/iam.tj.key

the mumble-server fails to start, reporting:

# service mumble-server start
<W>2012-06-25 01:51:20.111 Initializing settings from /etc/mumble-server.ini (basepath /etc)
<C>2012-06-25 01:51:20.113 Failed to read /etc/ssl/private/iam.tj.key
<F>2012-06-25 01:51:20.113 No private key found in certificate or key file.

This is caused by the service start-up script '/etc/init.d/mumble-server' setting the user ID of the daemon process to "mumble-server" rather than letting it start as "root".

The daemon drops privileges itself to the user ID configured in '/etc/mumble-server.ini' once it has read the SSL key file and (potentially) connected to a privileged port number (less than 1024):

uname=mumble-server

The workaround is to add the following to the end of '/etc/defaults/mumble-server'

# If the server is using SSL certificates installed in a root-only location such as
# /etc/ssl/certs/ and /etc/ssl/private/ then the daemon must start as root in order
# to read these files - especially to read the key.
# The daemon drops privileges itself later based on the /etc/mumble-server.ini "uname" setting.
USER=root
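The failure above comes down to ordering: the init script switched to the unprivileged user before the daemon had read the key, so the read was denied. The following is an added example (not code from this report, from mumble-server, or from the Ubuntu package) showing the two halves of the correct pattern: a preflight check that decides, from a key file's mode and ownership alone, whether the user named by `uname=` could read it directly, and a privilege-drop routine to be called only after the root-only work (loading the key, binding a port below 1024) is done. The ini fragment is constructed, and the function names `readable_by`, `must_start_as_root` and `drop_privileges` are hypothetical.

```python
"""Preflight check and privilege-drop helper for a daemon that must read a
root-only TLS key (added example, not part of the Launchpad report or of
mumble-server itself)."""
import os
import pwd
import stat
import tempfile

# Constructed mumble-server.ini-style fragment (the real file has no [section]
# header, so a small line parser is used instead of configparser).
CONSTRUCTED_INI = """# constructed fragment, not the real /etc/mumble-server.ini
; murmur also accepts ';' comments
database=/var/lib/mumble-server/mumble-server.sqlite
sslCert=/etc/ssl/certs/iam.tj.pem
sslKey=/etc/ssl/private/iam.tj.key
uname=mumble-server
port=64738
"""


def parse_uname(ini_text):
    """Return the value of the `uname` key, or None if it is absent."""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "uname":
            return value.strip()
    return None


def readable_by(path, uid, gid, groups=()):
    """Decide from mode and ownership whether `uid` (with primary `gid` and
    supplementary `groups`) could open `path` for reading. Root always can.
    ACLs are deliberately ignored; this is the classic-permissions answer."""
    st = os.stat(path)
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid == gid or st.st_gid in groups:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def must_start_as_root(ini_text, key_path):
    """True when the configured service user cannot read the key itself, i.e.
    the init script must leave USER=root and let the daemon drop privileges.
    Raises KeyError if the account named by `uname` does not exist."""
    pw = pwd.getpwnam(parse_uname(ini_text))
    return not readable_by(key_path, pw.pw_uid, pw.pw_gid)


def drop_privileges(uname):
    """Switch the running process to `uname` AFTER the key has been read and
    any privileged port bound. Order matters: supplementary groups, then gid,
    then uid, so that the last step cannot be undone."""
    pw = pwd.getpwnam(uname)
    os.initgroups(pw.pw_name, pw.pw_gid)
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    if os.getuid() == 0 or os.geteuid() == 0:
        raise RuntimeError("privilege drop failed; still running as root")


def run_demo():
    """Create a constructed key file with the same 0640 mode as the report's
    /etc/ssl/private key and evaluate it for a few (uid, gid) pairs."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "server.key")
        with open(key, "w") as f:
            f.write("-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n"
                    "-----END PRIVATE KEY-----\n")
        os.chmod(key, 0o640)
        me = (os.getuid(), os.getgid())
        results = {
            "uname": parse_uname(CONSTRUCTED_INI),
            "owner_can_read": readable_by(key, *me),
            # uid/gid 65534 stands in for an unrelated unprivileged account
            "other_uid_can_read": readable_by(key, 65534, 65534),
            "root_can_read": readable_by(key, 0, 0),
        }
        os.chmod(key, 0o644)  # world-readable: what a key file should never be
        results["other_uid_after_chmod_644"] = readable_by(key, 65534, 65534)
        return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

On a real host, `must_start_as_root(open('/etc/mumble-server.ini').read(), '/etc/ssl/private/iam.tj.key')` returns True for the 0640 root:root key shown in the report, which is the condition under which the USER=root workaround is required; the alternative of making the key group-readable by the service user trades that for wider key exposure, so the start-as-root-then-drop ordering is the safer choice.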

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in mumble (Ubuntu):
status: New → Confirmed
earthmeLon (earthmelon) wrote :

Thank you for providing a solution to the problem.

This affects debian's builds as well.
