2010/11/19

Pidgin MSN Certificate error - omega.contacts.msn.com




UPDATE: WINDOWS USERS SHOULD DOWNLOAD PIDGIN 2.7.6 OR NEWER FOR THE SOLUTION. LINUX USERS SHOULD ALSO DOWNLOAD 2.7.6 OR NEWER IF POSSIBLE. IN CASE YOU DON'T HAVE ACCESS TO 2.7.6 ON LINUX, YOU CAN STILL USE THIS GUIDE.

This guide will assume that the certificate in question is omega.contacts.msn.com. In order to resolve this issue, we need to go through 2 steps
  • Get updated intermediate Certificates
  • Add them to our ca-certs directory
If you don't like following a guide off some random blog, the same solution is now on the official pidgin wiki. You can find it here http://developer.pidgin.im/wiki/MSNCertIssue. The same solution is described by following the guide below. 

Getting the new intermediate Certificates
Download this file. This file is hosted on the official Pidgin development site.
Download this file. This file is hosted on the official Pidgin development site.


    Updating pidgin with the new intermediate certificate
    Now we got the updated intermediate certificates, and we need to copy them to our pidgin ca-certs folder.

    WINDOWS
    • Copy the downloaded files (righ click -> copy)
    • Go to C:\Program Files\Pidgin\ca-certs\ folder
    • Paste the downloaded files there
    • Restart Pidgin
    • Done

    LINUX
    • Copy the downloaded files to /usr/share/purple/ca-certs/
    • Restart Pidgin
    • Done


    Credits
    nosnilmot is really the guy to be credited because he worked this thing out :)
    Everyone else on irc.freenode.net#pidgin
    The Pidgin dev team
    Anonymous helpers on these comments
    irc://irc.freenode.net #pidgin

    Leave your comments below. Thank you.

    88 comments:

    1. It works perfectly well. Thank you for this workaround.

      ReplyDelete
    2. Used Firefox.

      This is currently working for me, thanks!

      ReplyDelete
    3. Amazing. Simple, easy, 100% understandable. Thank you for the help. Greatly appreciated.

      ReplyDelete
    4. Thanks a lot! It's working perfectly for now. Let's see what happens. =)

      ReplyDelete
    5. Although this "works" you should all realize that you are blindly trusting whatever certificate happens to be presented to you when you access omega.contacts.msn.com instead of using the hierarchical trust that is normally provided through use of SSL certificates.

      ReplyDelete
    6. I undestand the risks involved, and i have included a word of warning in my guide. Thank you for your contribution!

      ReplyDelete
    7. Good job, thanks.

      ReplyDelete
    8. thanks it worked!

      ReplyDelete
    9. Great article. Works for me on 100%. Thanks a lot!

      ReplyDelete
    10. worked for 5 minutes. After that...bump. the same certificate error. help..

      ReplyDelete
    11. As i said: repeat the guide if it happens again. It will keep happening until Microsoft fixes their certificates.

      ReplyDelete
    12. Followed this procedure and it worked!
      "I found a way to fix this for those with a HotMail? account.. I went to my hotmail account's page, Logged into the MSN messenger there, And the next time I started pidgin it logged in just fine for that account. Could be worth trying."

      ReplyDelete
    13. This didn't work for me, but I found that copying in the PEM files worked instead. See: http://developer.pidgin.im/ticket/12906#comment:39

      ReplyDelete
    14. fix commited
      http://developer.pidgin.im/ticket/12906

      ReplyDelete
    15. I will update this guide. Thank you for notifying me!

      ReplyDelete
    16. that did the trick. Thanks

      ReplyDelete
    17. Thank you, this worked perfect. Too bad Pidgin couldn't figure this out and offer a fix, shame on them!

      ReplyDelete
    18. It is Not the Pidgin developer's fault, it's Microsoft's

      ReplyDelete
    19. perfect, thanks for this!

      ReplyDelete
    20. Thank god... works like a charm. <3

      ReplyDelete
    21. Linux users:

      1) First get the certs and place them in /usr/share/purple/ca-certs/ (as mentioned above).

      2) Shutdown Pidgin.

      3) rm -fr ~/.purple/certificates

      4) Restart Pidgin. Done.

      ReplyDelete
    22. Thank you, I will include this in my post!

      ReplyDelete
    23. Make sure you delete the "share_ca-certs_" part of the filenames first if you get them with it.

      ReplyDelete
    24. Tried the last fix but didn't work, I am having hard time with it

      ReplyDelete
    25. Thank you SQuID
      Greetings,
      Anonymous.

      ReplyDelete
    26. Heiner, What is the exact error you are getting?

      ReplyDelete
    27. Thanks a lot! it worked!

      ReplyDelete
    28. You friken' rock. With lazerz even.

      ReplyDelete
    29. ####################################

      THANK YOU VERY VERY VERY VERY MUCH!

      :D :) =] :P :] :B :b =D ;) ;D

      ####################################

      ReplyDelete
    30. Thanks for making me able to fix it :)

      ReplyDelete
    31. ty sym tried serveral options and this is working so far ..

      ReplyDelete
    32. I can't fix it, i'm on ubuntu 10.10 with pidgin 2.7.5.

      now i have this:

      Erreur du serveur de notification : End of stream

      ReplyDelete
    33. Thanks,

      worked for me on windows 7

      Hopefully they will give us a fix later on

      ReplyDelete
    34. Thank you! I was afraid I had to move to that ass smelling MSN... This one worked for me quick and easy!

      ReplyDelete
    35. Worked - but then I disconnected from the network, reconnected, and started getting errors again. Any idea why this is and how to make the fix permanent?

      ReplyDelete
    36. Repeat the procedure and restart pidgin

      ReplyDelete
    37. Thank you. Worked perfectly for me. Glad to have Pidgin back.

      ReplyDelete
    38. Thanks for your workaround and reply, but really when I disconnect several times a day I can't be repeating this every time.

      ReplyDelete
    39. This solution should fix your pidgin permanently. If you are getting the error messages again it means that you did not do something right.

      ReplyDelete
    40. Under Linux you should install CA certificates in ~/.purple/certificates/x509/ca ; then you don't need to be root to fix it. (and you won't make others trust microsoft if they don't want to ;))

      ReplyDelete
    41. I will try it on my linux VM, and if it works, i will change my blogpost. Thank you Anonymous :)

      ReplyDelete
    42. aweseom this worked!

      ReplyDelete
    43. Highly appreciated, works great on W7 32 bit and newest pidgin.

      ReplyDelete
    44. Thanks, works great on W7 64 bit and pidgin 2.7.5

      ReplyDelete
    45. On Ubuntu 10.04 the folder actually is:

      /home/*username*/.purple/certificates/x509/tls_peers

      ReplyDelete
    46. Thanks a lot! Works like a charm!

      ReplyDelete
    47. The ~/.purple/certificates/x509/ca directory doesn't work for everyone on Linux. The $prefix/share/purple/ca-certs path will.

      ReplyDelete
    48. Gracias desde España -> Pidgin Portable (PortableApps.com)
      On Windows XP SP3 and used from USB device Pendrive

      Many Thanks, by our enforce and our Work! Now work me nice!

      ReplyDelete
    49. Ahem.
      ~/.purple/certificates/x509/ca is not a useful place to put these certificates on unix/linux, as Pidgin does not actually look there. Please adjust the blog post to refer to the correct location of /usr/share/purple/ca-certs again.

      ReplyDelete
    50. Microsoft has several servers at omega.contacts.msn.com. Some are using one certificate, and some are using another. So, your fix will make it work if you happen to connect to one of the servers that is using the certificate that you downloaded, but you will get the error if you happen to connect to the other server. You can just click "Reconnect" several times until it works. Or, that is how it is working for me.

      ReplyDelete
    51. I'm using pidgin 2.7.3 on Debian (Lenny) and have followed the instructions to the letter, and checked and double checked. Unfortunately, the only change is that I now get the error message every few seconds, instead of only once...

      ReplyDelete
    52. Fixed the Linux ca-certs folder, sorry for the commotion

      ReplyDelete
    53. Wow. This is the method that worked!!!

      ReplyDelete
    54. Thanks for the advice!

      For Windows,
      C:\Program Files\Pidgin\ca-certs\
      could be changed to
      %ProgramFiles%\Pidgin\ca-certs\
      in the wiki for more generic purposes.

      This could take care of (valid) cases where the Program Files folder is located on another partition or has another folder name for some reason.

      The usage of "C:\Program Files\" as a hardcoded path isn't the best practice

      ReplyDelete
    55. Peter, I understand that it is not, but if put in %Program Files% majority of people would not understand what that means. Seeing that C:\Program Files is the default path in 99% of Windows instalation, i will just leave it as is.

      ReplyDelete
    56. On Ubuntu. it works nicely. Thanks a lot.

      ReplyDelete
    57. Cheers!! Works fine :) FInally someone resolves the problem...

      ReplyDelete
    58. it works, i can sign in but according to my buddys, i seems to be offline, its same in windows 7 or ubuntu 10.4

      ReplyDelete
    59. Hi, followed the instructions plus what andrew suggests for linux users. Works like a charm :D.

      Ubuntu 10.04 x86_64
      Pidgin 2.7.5

      ReplyDelete
    60. Thanks so very very much : DDDDDDDd

      i'm happy again ;D

      ReplyDelete
    61. Works with Fedora 14.

      Thanks a bunch.

      Jeff

      ReplyDelete
    62. Pidgin development team has released a new version of pidgin that fixes this error. You should download it from their website. If that is not currently possible for you, you can still use this guide.

      ReplyDelete
    63. Thanks for this - worked like a charm on Ubuntu Lucid Lynx :)

      ReplyDelete
    64. Works like a charm!

      ReplyDelete
    65. Sorry to bring bad news, but I still see this problem with Pidgin 2.7.6...

      I have double checked that I have the new Microsoft_Internet_Authority_2010.pem and Microsoft_Secure_Server_Authority_2010.pem intermediate certificates installed in my ca-certs directory, and even removed ~/.purple/certifcates/* (while pidgin wasn't running) to be sure.

      Please do something about this; I suppose there is more to this problem than what has been explained so far.

      ReplyDelete
    66. Sexy, works, finally!!

      p.s. i love you.

      ReplyDelete
    67. Hey SQuID, posted this solution(in Spanish) on my website giving the proper credits, hope you don't mind.

      ReplyDelete
    68. You can repost this solution to any site.

      For those of you who still have problems after pidgin update and/or this solution, go to #pidgin on irc.freenode.net.

      Before asking for help on irc, make SURE that you have followed these instructions (or instructions on the pidgin wiki) to the letter. Also READ THE TOPIC on the irc channel before asking anything.

      ReplyDelete
    69. This solution has worked for me.

      Thanks a bunch.

      1g/-\c10

      ReplyDelete
    70. Works perfectly, only need to delete these files on the dir /usr/share/purple/ca-certs/

      >Microsoft_Internet_Authority.pem
      >Microsoft_Secure_Server_Authority.pem

      Then copy the proposed certificates on the same dir and start pidgin.

      Thanks a lot.

      ReplyDelete
    71. Thank you for the work around. This worked perfectly. Been fighting this for about a week now.

      ReplyDelete
    72. @Yosoyfelipe
      It is not necessary to delete previous certificates.

      ReplyDelete
    73. apparently 2.7.6 on windows does not fix the login problem since I still got the server error messages and being disconnected all the time.

      ReplyDelete
    74. works great!
      thanks a lot :)

      ReplyDelete
    75. yeah, this is great!
      thanks!

      ReplyDelete

    Labels

    bnetd (1) centos (1) certificate (1) howto (2) linux (2) pidgin (1) pvpgn (1) windows (1)