Pidgin / MSN – ‘Unable to validate certificate’

Yesterday, I was forced to do some work, at work, when Pidgin failed to connect to MSN. It has a hard day.

I use Ubuntu Maverick on my desktop, and started out using the ‘stock’ Ubuntu version. As this wasn’t working, my first thought was to upgrade to the latest Pidgin release. Before I’ve compiled it from source, but this time I just used a PPA (see here)

But still, it didn’t work.

Time to rummage some more – and I found the following bug report – so I added in my 2p, and waited. Eventually the following solution came up :

  1. Within Pidgin, go to Tools -> Certificates and delete the one for omega.contacts.msn.com
  2. Visit https://omega.contacts.msn.com and download the SSL certificate (e.g. if using Firefox, click on the SSL icon in the URL bar and then export it (save to file)).
  3. From within pidgin’s ‘tools -> certificates’ Certificate Manager click add, and add in the SSL certificate you’ve just saved.

Now it works again.

What is vaguely curious is why Adium (which I use on my Macbook at home) didn’t have a problem – I thought they [Pidgin + Adium] were built off the same code base, and expected it to break, but it didn’t.

42 thoughts on “Pidgin / MSN – ‘Unable to validate certificate’”

  1. Thanks for the tip. I faced the same problem this morning on Windows. Meanwhile, I just did the first step only, and while attempting to to the second one (which I was not able to perform using Chrome) I realized that suddenly pidgin has been finally able to connect to MSN.

  2. It worked for me after completing step 1 only (deleting the omega certificate). Pidgin logged in to MSN immediately. Thanks for this.

  3. Thanks! Fixed it right up. Was worried I was actually going to have to use the official Live Messenger (yuck).

  4. I think Pidgin should have automatic certificate retrieval and acception procedure for these expiring certificates at least the way that it should ask whether it’s ok to retrieve a new one for the expiring one instead of this kind of tweaking of the certificates personally. I don’t mind, I hasve +20 years experience from Unix/Linux, but to get the Linux more popular within the common population, this shouldn’t be acceptable approach of the desktop sw.

  5. Just to add more information. This same thing is happening with windows version of the pidgin too and same instructions do work but here’s one “gotcha” that might escape from some people.

    When you add the downloaded certificate to pidgin, dialog will present you a field which asks for a host for which this cert is valid. Default value is “*.contacts.msn.com”. I had to change that to point to full host so change that first “*” to “omega” or the cert does not work and you will still get those dialogs..

  6. @kekkonj I have seen pidgin do just that with jabber (XMPP) servers, i wonder why it doesn’t do it with msn?

    I did this manual certificate download and renewal thing in nov 19 as per the webupd8, and today nov 21 had to do it again. If this is going the way i think its going, it will become very annoying.

    As per suggested by David Goodwin (too bad the link got cropped), the more permanent solution is to download new intermediate certificates:

    http://developer.pidgin.im/wiki/MSNCertIssue

  7. I am unable to download the certificate from Firefox. Is there anyone who can download/upload the certificate somwhere and give me the link?
    I’m really facing problems not being able to connect to MSN.

  8. I appreciate your quick posting of the solution. I knew there was some common issue when neither Linux (Mandriva 2010.1) nor Windows versions could login.

  9. thanks, i tried the first step, and turns out if you delete the old one, i think may be pidgin automatically download a new one, so the other steps can be ignored safely.

  10. I am surprise almost everyone got it working with this tip. I just didnt work for me. I also removed my .purple foder from my $HOME dir, but nothing. Same errors. Using Mandriva 64 2010.1

  11. I also deleted then replaced the certificate for https://login.live.com/
    To get the certificate click on the green or blue certificate bar then More Information>View Certificate>Details>Export Certificate in Firefox and save the file to disk.

  12. Downloading and Exporting the certificate did work on for the first couple of days, but some days later the same issue “unable to validate…” appeared again. Quite annoying…

  13. Follow these instructions for permanent fix (from Pidgin)

    http://developer.pidgin.im/wiki/MSNCertIssue >>

    Get the new intermediate certificates

    If you have followed other (incorrect) instructions to replace the ‘omega.contacts.msn.com’ certificate, then you must delete that certificate from Tools->Certificates first.

    Download Microsoft_Internet_Authority_2010.pem and Microsoft_Secure_Server_Authority_2010.pem then follow the appropriate set of directions below.
    Windows

    * Save the files to C:\Program Files\Pidgin\ca-certs (or C:\Program Files (x86)\Pidgin\ca-certs as appropriate)
    * Restart Pidgin

    Linux

    * Save the files to /usr/share/purple/ca-certs (or /usr/local/share/purple/ca-certs as appropriate)
    * Restart Pidgin

  14. Have tried this and installing the latest version of Pidgen multiple times. It isn’t working at all for me.

    It seemed that authentication was taking longer for the past few days now it isn’t working at all.

Leave a Reply

Your email address will not be published. Required fields are marked *