UPDATE: WINDOWS USERS SHOULD DOWNLOAD PIDGIN 2.7.6 OR NEWER FOR THE SOLUTION. LINUX USERS SHOULD ALSO DOWNLOAD 2.7.6 OR NEWER IF POSSIBLE. IN CASE YOU DON'T HAVE ACCESS TO 2.7.6 ON LINUX, YOU CAN STILL USE THIS GUIDE.
This guide will assume that the certificate in question is omega.contacts.msn.com. In order to resolve this issue, we need to go through 2 steps
- Get updated intermediate Certificates
- Add them to our ca-certs directory
If you don't like following a guide off some random blog, the same solution is now on the official pidgin wiki. You can find it here http://developer.pidgin.im/wiki/MSNCertIssue. The same solution is described by following the guide below.
Getting the new intermediate Certificates
Download this file. This file is hosted on the official Pidgin development site.
Download this file. This file is hosted on the official Pidgin development site.
Download this file. This file is hosted on the official Pidgin development site.
Now we got the updated intermediate certificates, and we need to copy them to our pidgin ca-certs folder.
WINDOWS
- Copy the downloaded files (righ click -> copy)
- Go to C:\Program Files\Pidgin\ca-certs\ folder
- Paste the downloaded files there
- Restart Pidgin
- Done
- Copy the downloaded files to /usr/share/purple/ca-certs/
- Restart Pidgin
- Done
Credits
nosnilmot is really the guy to be credited because he worked this thing out :)
Everyone else on irc.freenode.net#pidgin
The Pidgin dev team
Anonymous helpers on these comments
Anonymous helpers on these comments
irc://irc.freenode.net #pidgin
Leave your comments below. Thank you.
It works perfectly well. Thank you for this workaround.
ReplyDeleteUsed Firefox.
ReplyDeleteThis is currently working for me, thanks!
Amazing. Simple, easy, 100% understandable. Thank you for the help. Greatly appreciated.
ReplyDeleteThanks a lot! It's working perfectly for now. Let's see what happens. =)
ReplyDeleteAlthough this "works" you should all realize that you are blindly trusting whatever certificate happens to be presented to you when you access omega.contacts.msn.com instead of using the hierarchical trust that is normally provided through use of SSL certificates.
ReplyDeleteI undestand the risks involved, and i have included a word of warning in my guide. Thank you for your contribution!
ReplyDeleteGood job, thanks.
ReplyDeleteTHANKS :)
ReplyDeletethanks it worked!
ReplyDeletethx, worked !!
ReplyDeleteGreat article. Works for me on 100%. Thanks a lot!
ReplyDeleteTnx!! It works!
ReplyDeleteworked for 5 minutes. After that...bump. the same certificate error. help..
ReplyDeleteAs i said: repeat the guide if it happens again. It will keep happening until Microsoft fixes their certificates.
ReplyDeleteFollowed this procedure and it worked!
ReplyDelete"I found a way to fix this for those with a HotMail? account.. I went to my hotmail account's page, Logged into the MSN messenger there, And the next time I started pidgin it logged in just fine for that account. Could be worth trying."
This didn't work for me, but I found that copying in the PEM files worked instead. See: http://developer.pidgin.im/ticket/12906#comment:39
ReplyDeletefix commited
ReplyDeletehttp://developer.pidgin.im/ticket/12906
I will update this guide. Thank you for notifying me!
ReplyDeletethat did the trick. Thanks
ReplyDeleteThank you, this worked perfect. Too bad Pidgin couldn't figure this out and offer a fix, shame on them!
ReplyDeleteIt is Not the Pidgin developer's fault, it's Microsoft's
ReplyDeleteperfect, thanks for this!
ReplyDeleteThank god... works like a charm. <3
ReplyDeleteLinux users:
ReplyDelete1) First get the certs and place them in /usr/share/purple/ca-certs/ (as mentioned above).
2) Shutdown Pidgin.
3) rm -fr ~/.purple/certificates
4) Restart Pidgin. Done.
Thank you, I will include this in my post!
ReplyDeleteworks thx!
ReplyDeleteMake sure you delete the "share_ca-certs_" part of the filenames first if you get them with it.
ReplyDeleteTried the last fix but didn't work, I am having hard time with it
ReplyDeleteThank you SQuID
ReplyDeleteGreetings,
Anonymous.
Heiner, What is the exact error you are getting?
ReplyDeleteThanks a lot! it worked!
ReplyDeleteYou friken' rock. With lazerz even.
ReplyDelete####################################
ReplyDeleteTHANK YOU VERY VERY VERY VERY MUCH!
:D :) =] :P :] :B :b =D ;) ;D
####################################
Thanks for making me able to fix it :)
ReplyDeleteYay! Thanks a bunch, man!
ReplyDeletety sym tried serveral options and this is working so far ..
ReplyDeleteI can't fix it, i'm on ubuntu 10.10 with pidgin 2.7.5.
ReplyDeletenow i have this:
Erreur du serveur de notification : End of stream
Thanks,
ReplyDeleteworked for me on windows 7
Hopefully they will give us a fix later on
thanks man!
ReplyDeleteThank you! I was afraid I had to move to that ass smelling MSN... This one worked for me quick and easy!
ReplyDeleteWorked - but then I disconnected from the network, reconnected, and started getting errors again. Any idea why this is and how to make the fix permanent?
ReplyDeleteRepeat the procedure and restart pidgin
ReplyDeleteThank you. Worked perfectly for me. Glad to have Pidgin back.
ReplyDeleteThanks for your workaround and reply, but really when I disconnect several times a day I can't be repeating this every time.
ReplyDeleteThis solution should fix your pidgin permanently. If you are getting the error messages again it means that you did not do something right.
ReplyDeleteUnder Linux you should install CA certificates in ~/.purple/certificates/x509/ca ; then you don't need to be root to fix it. (and you won't make others trust microsoft if they don't want to ;))
ReplyDeleteI will try it on my linux VM, and if it works, i will change my blogpost. Thank you Anonymous :)
ReplyDeleteaweseom this worked!
ReplyDeleteThanks, works well for me.
ReplyDeleteHighly appreciated, works great on W7 32 bit and newest pidgin.
ReplyDeleteThanks, works great on W7 64 bit and pidgin 2.7.5
ReplyDeleteOn Ubuntu 10.04 the folder actually is:
ReplyDelete/home/*username*/.purple/certificates/x509/tls_peers
saved my day! ^^
ReplyDeletemany tks.
kudos
Thanks a lot! Works like a charm!
ReplyDeleteThe ~/.purple/certificates/x509/ca directory doesn't work for everyone on Linux. The $prefix/share/purple/ca-certs path will.
ReplyDeleteGracias desde España -> Pidgin Portable (PortableApps.com)
ReplyDeleteOn Windows XP SP3 and used from USB device Pendrive
Many Thanks, by our enforce and our Work! Now work me nice!
Ahem.
ReplyDelete~/.purple/certificates/x509/ca is not a useful place to put these certificates on unix/linux, as Pidgin does not actually look there. Please adjust the blog post to refer to the correct location of /usr/share/purple/ca-certs again.
Microsoft has several servers at omega.contacts.msn.com. Some are using one certificate, and some are using another. So, your fix will make it work if you happen to connect to one of the servers that is using the certificate that you downloaded, but you will get the error if you happen to connect to the other server. You can just click "Reconnect" several times until it works. Or, that is how it is working for me.
ReplyDeleteI'm using pidgin 2.7.3 on Debian (Lenny) and have followed the instructions to the letter, and checked and double checked. Unfortunately, the only change is that I now get the error message every few seconds, instead of only once...
ReplyDeleteFixed the Linux ca-certs folder, sorry for the commotion
ReplyDeleteThanks a lot :D
ReplyDeleteWow. This is the method that worked!!!
ReplyDeleteThanks so much
ReplyDeleteit works ;)
Thanks for the advice!
ReplyDeleteFor Windows,
C:\Program Files\Pidgin\ca-certs\
could be changed to
%ProgramFiles%\Pidgin\ca-certs\
in the wiki for more generic purposes.
This could take care of (valid) cases where the Program Files folder is located on another partition or has another folder name for some reason.
The usage of "C:\Program Files\" as a hardcoded path isn't the best practice
Peter, I understand that it is not, but if put in %Program Files% majority of people would not understand what that means. Seeing that C:\Program Files is the default path in 99% of Windows instalation, i will just leave it as is.
ReplyDeleteOn Ubuntu. it works nicely. Thanks a lot.
ReplyDeleteCheers!! Works fine :) FInally someone resolves the problem...
ReplyDeleteit works, i can sign in but according to my buddys, i seems to be offline, its same in windows 7 or ubuntu 10.4
ReplyDeleteHi, followed the instructions plus what andrew suggests for linux users. Works like a charm :D.
ReplyDeleteUbuntu 10.04 x86_64
Pidgin 2.7.5
Thanks so very very much : DDDDDDDd
ReplyDeletei'm happy again ;D
Works with Fedora 14.
ReplyDeleteThanks a bunch.
Jeff
Pidgin development team has released a new version of pidgin that fixes this error. You should download it from their website. If that is not currently possible for you, you can still use this guide.
ReplyDeleteThanks for this - worked like a charm on Ubuntu Lucid Lynx :)
ReplyDeleteWorks like a charm!
ReplyDeleteSorry to bring bad news, but I still see this problem with Pidgin 2.7.6...
ReplyDeleteI have double checked that I have the new Microsoft_Internet_Authority_2010.pem and Microsoft_Secure_Server_Authority_2010.pem intermediate certificates installed in my ca-certs directory, and even removed ~/.purple/certifcates/* (while pidgin wasn't running) to be sure.
Please do something about this; I suppose there is more to this problem than what has been explained so far.
Sexy, works, finally!!
ReplyDeletep.s. i love you.
Hey SQuID, posted this solution(in Spanish) on my website giving the proper credits, hope you don't mind.
ReplyDeleteYou can repost this solution to any site.
ReplyDeleteFor those of you who still have problems after pidgin update and/or this solution, go to #pidgin on irc.freenode.net.
Before asking for help on irc, make SURE that you have followed these instructions (or instructions on the pidgin wiki) to the letter. Also READ THE TOPIC on the irc channel before asking anything.
This solution has worked for me.
ReplyDeleteThanks a bunch.
1g/-\c10
Works perfectly, only need to delete these files on the dir /usr/share/purple/ca-certs/
ReplyDelete>Microsoft_Internet_Authority.pem
>Microsoft_Secure_Server_Authority.pem
Then copy the proposed certificates on the same dir and start pidgin.
Thanks a lot.
Thank you for the work around. This worked perfectly. Been fighting this for about a week now.
ReplyDelete@Yosoyfelipe
ReplyDeleteIt is not necessary to delete previous certificates.
Thank you!!
ReplyDeleteapparently 2.7.6 on windows does not fix the login problem since I still got the server error messages and being disconnected all the time.
ReplyDeleteworks great!
ReplyDeletethanks a lot :)
yeah, this is great!
ReplyDeletethanks!