This post has been updated YET AGAIN, which makes this rev 5!
Since this post is still getting a lot of traffic, here is a PSA. Pidgin has just released version 2.7.7, which completely fixes the MSN certificate issue, enables multiple MSN logins, and fixes the AIM SSL Handshake Failure error. You should go download it now.
I launched Pidgin this morning to discover that Microsoft’s instant messaging (what is called this week? Live? Undead? MSX?) had changed something which threw Pidgin a curve ball. The error message is “The certificate for omega.contacts.msn.com could not be validated. The certificate chain presented is invalid.”
It seems the certificate that Microsoft uses to secure access to your buddy list was updated with new wildcard certificates and that there is an issue with the intermediate CAs referenced in the chain. The fine folks at Pidgin have released a new version, 2.7.7 which incorporates these new intermediate CAs, and fixes some other stuff, and you should upgrade immediately.
Download and install Pidgin 2.7.7, available now!Download Pidgin2.7.7 for Windows
Disregard any previous directions from this, or any other blog. The problem is that the new wildcard certs that MSFT is using have a problem with the intermediate certificate authority referenced in the chain. The latest release of Pidgin, 2.7.7, incorporates these and takes care of some other stuff, including now supporting multiple logins to MSN.
With many thanks to the developers at Pidgin.im, and to Stu Tomlinson for providing the proper fix pre-2.7.6.
STOP! Apparently you followed a link to the #more anchor on my blog, and are totally missing the updated content advising you to update to the latest version of Pidgin 2.7.7! Scroll up, or just Download Pidgin2.7.7 for Windows!
We now return you to your regular workday, already in progress.
Direct link for RSS and email subscribers…http://youtu.be/XQRnWYVmIT4
If you found this post useful, please consider following us on twitter. You’ll be the first to learn about new posts, and, rarely, we’ll share a comedic or witty tweet. Of course, you can also leave a comment below to let us know we hooked you up, or share the love and tell your friends about us.
You might also enjoy:
RT @retrohack: Fix for #pidgin and MSN updated again with newer, better information! http://bit.ly/b4zIrk Please RT.
Great! Worked like a charm.
Thanks!
RT @retrohack: Fix for #pidgin and MSN updated again with newer, better information! http://bit.ly/b4zIrk Please RT.
new updated solution works great!
Thanks, works for me.
Could you please tell me which hosts (and IPs) I need to add to the HOSTS file in order to fix this ?
Hi Antonio
Don’t touch your HOSTS file. I only left that information in the post for its history. The proper, and Pidgin supported, fix is to copy the two intermediate certs as detailed at the top of the post into the program’s certificate store.
Ed
Works fine for me, once I tried the download using FireFox.
For some reason Google Chrome would hang trying to download the two cert files.
Currently Browsing: http://is.gd/hyZvc
The links to the cert files don’t seem to be working. I tried in IE and FF. I just keep getting “500 – Internal Server Error”.
I get the same results…but since 2.7.6 has just been released, the best possible fix is to upgrade.
I am updating the post now.
Thanks
Ed
Worked fine yesterday, here you go:
http://dl.dropbox.com/u/1688191/archive/Microsoft_Internet_Authority_2010.pem
http://dl.dropbox.com/u/1688191/archive/Microsoft_Secure_Server_Authority_2010.pem
Thanks Antonio, most helpful of you. Still, upgrading to 2.7.6 is the recommended course of action for those who can.
Just did it myself
what about Pidgin for Linux (Ubuntu) I can not access my account on msn, and now?
Hi Thiago
Try this from a terminal
>sudo apt-get update pidgin [return]If that does not work, download the intermediate certs from Antonio’s Dropbox (thanks for providing that, Antonio)
http://dl.dropbox.com/u/1688191/archive/Microsoft_Internet_Authority_2010.pem
http://dl.dropbox.com/u/1688191/archive/Microsoft_Secure_Server_Authority_2010.pem
and save them to /usr/share/purple/ca-certs/
Ed
Hi Ed,
Thanks for the support
Everything is working normally right now.
RT @retrohack: #pidgin updated to 2.7.6. This is the proper fix for MSN certificate errors. http://bit.ly/b4zIrk Please RT.
[...] Ed Fisher: It seems the certificate that Microsoft uses to secure access to your buddy list was updated with a new wildcard certificate [...]
[...] comparison, this blog is on one of the least expensive shared plans at GoDaddy, and last year had a post go viral with over 15000 hits. The site shares a server with over two thousand other sites, and I never even [...]