Mac OS X Server 10.4: SSL-enabled services may not work properly on an upgraded server

SSL-enabled services such as iChat and Mail may not work properly on a Mac OS X 10.4 (build 8A428) server that was upgraded from Mac OS X Server 10.3. This happens because the "certusers" group is not created during the upgrade.

For example, when you attempt to start the iChat service, you may see lines like the following ones appear in the system log (/var/log/system.log):


May 5 19:28:37 xserve iChatServer-jabberd[1041]: 20050506T00:28:37: [error] (-configure): SSL Connections are disabled. [error: 0200100D:system library:fopen:Permission denied] while using SSL certificate file '/etc/certificates/Default.crtkey' for host '0.0.0.0'.
May 5 19:28:37 xserve iChatServer-jabberd[1041]: 20050506T00:28:37: [notice] (-internal): initializing server
May 5 19:28:37 xserve iChatServer-jabberd[1041]: 20050506T00:28:37: [notice] (-internal): server started
May 5 19:28:59 xserve iChatServer-jabberd[1041]: 20050506T00:28:59: [notice] (-internal): shutting down server
May 5 19:30:02 xserve iChatServer-jabberd[1051]: 20050506T00:30:02: [error] (-configure): SSL Connections are disabled. [error: 0200100D:system library:fopen:Permission denied] while using SSL certificate file '/etc/certificates/Default.crtkey' for host '0.0.0.0'.
May 5 19:30:02 xserve iChatServer-jabberd[1051]: 20050506T00:30:02: [notice] (-internal): initializing server
May 5 19:30:02 xserve iChatServer-jabberd[1051]: 20050506T00:30:02: [notice] (-internal): server started
May 5 19:30:41 xserve iChatServer-jabberd[1051]: 20050506T00:30:41: [notice] (-internal): shutting down server

To resolve this issue, do the following:

  1. Be sure you are logged in as an administrator.
  2. Open Terminal (/Applications/Utilities/).
  3. Execute this command:

    echo 'certusers:*:29:root,jabber,postfix,cyrusimap' | sudo niload group .

    Note: For convenience, you can copy and paste this into the Terminal window. If you do, be sure to copy/paste the final period.
  4. Enter your admin user password if prompted.
  5. Restart the server.

This document will be updated as more information becomes available.

Published Date: Oct 11, 2016