Pidgin / MSN – ‘Unable to validate certificate’

Yesterday, I was forced to do some work, at work, when Pidgin failed to connect to MSN. It has a hard day.

I use Ubuntu Maverick on my desktop, and started out using the ‘stock’ Ubuntu version. As this wasn’t working, my first thought was to upgrade to the latest Pidgin release. Before I’ve compiled it from source, but this time I just used a PPA (see here)

But still, it didn’t work.

Time to rummage some more – and I found the following bug report – so I added in my 2p, and waited. Eventually the following solution came up :

  1. Within Pidgin, go to Tools -> Certificates and delete the one for omega.contacts.msn.com
  2. Visit https://omega.contacts.msn.com and download the SSL certificate (e.g. if using Firefox, click on the SSL icon in the URL bar and then export it (save to file)).
  3. From within pidgin’s ‘tools -> certificates’ Certificate Manager click add, and add in the SSL certificate you’ve just saved.

Now it works again.

What is vaguely curious is why Adium (which I use on my Macbook at home) didn’t have a problem – I thought they [Pidgin + Adium] were built off the same code base, and expected it to break, but it didn’t.


Posted

in

by

Tags:

Comments

42 responses to “Pidgin / MSN – ‘Unable to validate certificate’”

  1. Jonkarra Avatar

    Empathy had the same problem a few weeks ago. I swear blind that MS mess with certs just to make it harder for open source apps.

  2. David Goodwin Avatar

    see also http://squidsrants.blogspot.com/2010/11/pidgin-msn-and-other-
    protocols.html
    which details another (perhaps better) approach.

    Pidgin have updated their certificates, so the next release will fix the problem anyway.

  3. SherBert Avatar
    SherBert

    Thank you Mr Dave Sir. Fixed my problem just nicely.

  4. Glayshure Avatar
    Glayshure

    Awesome, works like a charm on first attempt. Thanks for the tutorial. =)

  5. Pierre Avatar
    Pierre

    Thanks for the tip. I faced the same problem this morning on Windows. Meanwhile, I just did the first step only, and while attempting to to the second one (which I was not able to perform using Chrome) I realized that suddenly pidgin has been finally able to connect to MSN.

  6. JW Avatar

    It worked for me after completing step 1 only (deleting the omega certificate). Pidgin logged in to MSN immediately. Thanks for this.

  7. Katana_Steel Avatar
    Katana_Steel

    I had a look into that new certificate, and it says it’s valid from Nov. 15th 2010

  8. xenz Avatar
    xenz

    Thank you ! Follow your guide I was able to get back on MSN via pidgin.

  9. Greg Stevens Avatar
    Greg Stevens

    Thanks! Fixed it right up. Was worried I was actually going to have to use the official Live Messenger (yuck).

  10. kekkonj Avatar
    kekkonj

    I think Pidgin should have automatic certificate retrieval and acception procedure for these expiring certificates at least the way that it should ask whether it’s ok to retrieve a new one for the expiring one instead of this kind of tweaking of the certificates personally. I don’t mind, I hasve +20 years experience from Unix/Linux, but to get the Linux more popular within the common population, this shouldn’t be acceptable approach of the desktop sw.

  11. IZuStY Avatar
    IZuStY

    Mr. Goodwin’s fix works perfectly for me as well, thank you sir.

  12. Pablo Avatar
    Pablo

    Thnks! I didn’t kown what was going on :). I’ll share this on facebook 😉

  13. Brad Avatar

    Thanks! I love Pidgin so this was a bummer.

    Works now :).

  14. ericitaquera Avatar

    Thank you Mr David.

  15. jani mikkonen Avatar
    jani mikkonen

    Just to add more information. This same thing is happening with windows version of the pidgin too and same instructions do work but here’s one “gotcha” that might escape from some people.

    When you add the downloaded certificate to pidgin, dialog will present you a field which asks for a host for which this cert is valid. Default value is “*.contacts.msn.com”. I had to change that to point to full host so change that first “*” to “omega” or the cert does not work and you will still get those dialogs..

  16. Ignacio Avatar
    Ignacio

    Thank you. I had the same problem, and your post helped to resolve it 🙂

  17. yaaara Avatar

    now it works. Thanx!!!

  18. Fallen Avatar
    Fallen

    Thanks!
    Also just an fyi, this isn’t a linux problem, it’s a Pidgin problem (all platforms).

  19. Aaron Avatar
    Aaron

    Thanks so much for this fix!

  20. Mac Avatar
    Mac

    Thanks. Very useful.

  21. Artemis3 Avatar
    Artemis3

    @kekkonj I have seen pidgin do just that with jabber (XMPP) servers, i wonder why it doesn’t do it with msn?

    I did this manual certificate download and renewal thing in nov 19 as per the webupd8, and today nov 21 had to do it again. If this is going the way i think its going, it will become very annoying.

    As per suggested by David Goodwin (too bad the link got cropped), the more permanent solution is to download new intermediate certificates:

    http://developer.pidgin.im/wiki/MSNCertIssue

  22. KNiGHT999 Avatar

    I am unable to download the certificate from Firefox. Is there anyone who can download/upload the certificate somwhere and give me the link?
    I’m really facing problems not being able to connect to MSN.

  23. Lazz Avatar
    Lazz

    Thanks!

    Worked for me on Win 7 + Pidgin… this was bugging me for days.

  24. Mark Higgins Avatar

    Thank you sir – worked a charm.

  25. dhulme Avatar
    dhulme

    Thanks very much 🙂 Worked a treat 🙂

  26. Ming Avatar
    Ming

    Thanks for your tip.

  27. rmotters Avatar
    rmotters

    Thanks for your help.

    Worked perfectly

  28. CxOrg Avatar

    I appreciate your quick posting of the solution. I knew there was some common issue when neither Linux (Mandriva 2010.1) nor Windows versions could login.

  29. Cristian Ruz Avatar
    Cristian Ruz

    Same problem, same solution.
    Thanks! 🙂

  30. mike Avatar

    Thanks for the tip, man. I like me a quick fix like that in the morning.

  31. malih Avatar
    malih

    thanks, i tried the first step, and turns out if you delete the old one, i think may be pidgin automatically download a new one, so the other steps can be ignored safely.

  32. PIPV Avatar
    PIPV

    I am surprise almost everyone got it working with this tip. I just didnt work for me. I also removed my .purple foder from my $HOME dir, but nothing. Same errors. Using Mandriva 64 2010.1

  33. Mohammad Abu Karim Avatar

    Thanks for the solution.
    pidgin team post the MSN cert issue check the below link
    http://developer.pidgin.im/wiki/MSNCertIssue

  34. CxOrg Avatar

    I also deleted then replaced the certificate for https://login.live.com/
    To get the certificate click on the green or blue certificate bar then More Information>View Certificate>Details>Export Certificate in Firefox and save the file to disk.

  35. tron Avatar
    tron

    Downloading and Exporting the certificate did work on for the first couple of days, but some days later the same issue “unable to validate…” appeared again. Quite annoying…

  36. Ylva Avatar
    Ylva

    Follow these instructions for permanent fix (from Pidgin)

    http://developer.pidgin.im/wiki/MSNCertIssue >>

    Get the new intermediate certificates

    If you have followed other (incorrect) instructions to replace the ‘omega.contacts.msn.com’ certificate, then you must delete that certificate from Tools->Certificates first.

    Download Microsoft_Internet_Authority_2010.pem and Microsoft_Secure_Server_Authority_2010.pem then follow the appropriate set of directions below.
    Windows

    * Save the files to C:\Program Files\Pidgin\ca-certs (or C:\Program Files (x86)\Pidgin\ca-certs as appropriate)
    * Restart Pidgin

    Linux

    * Save the files to /usr/share/purple/ca-certs (or /usr/local/share/purple/ca-certs as appropriate)
    * Restart Pidgin

  37. Solokov Avatar
    Solokov

    Have tried this and installing the latest version of Pidgen multiple times. It isn’t working at all for me.

    It seemed that authentication was taking longer for the past few days now it isn’t working at all.

  38. Vannia Rajan Avatar

    Cool, works for me 🙂

  39. Steven Macintyre Avatar
    Steven Macintyre

    same issue on windows – your suggestion worked perfectly – thanks!

  40. leon Avatar
    leon

    My problem was solved automatically right after visiting this page. What a magic!!

  41. ben Avatar
    ben

    Brilliant, thanks 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *