Pidgin cannot connect to MSN: the certificate chain presented is invalid

The certificate for omega.contacts.msn.com could not be validated. The certificate chain presented is invalid.

If you have an error when trying to connect to MSN messenger with your pidgin today, this is the easy and quick way to fix the problem: just delete the contacts.msn.com SSL certificate.

rm ~.purple/certificates/x509/tls_peers/contacts.msn.com

This way, pidgin will download again the SSL certificate and everything will be working again.

update: check comments for more other possible fixes

Comments

  1. Thanks! Worked perfectly 🙂

  2. Hello. Thank you for your advice.
    I’m having exactly this problem right now, but I don’t have a contacts.msn.com file. It just doesn’t exist in the mentioned folder. What shall I do?

    Thank you.

  3. Cool!! Thanks for the info!

  4. Perfect!! Thank you very much!!!

  5. thanks!

  6. Chris Morgan says:

    Cheers!

  7. It seems it wasn’t that easy for me, would you know whats wrong from the following debug output?
    (14:41:09) proxy: Connected to omega.contacts.msn.com:443.
    (14:41:10) nss: subject=CN=*.contacts.msn.com,OU=MSN Contact Services,O=MSN,L=Redmond,ST=WA,C=US issuer=CN=Microsoft Secure Server Authority,DC=redmond,DC=corp,DC=microsoft,DC=com
    (14:41:10) nss: partial certificate chain
    (14:41:10) certificate/x509/tls_cached: Starting verify for omega.contacts.msn.com
    (14:41:10) certificate/x509/tls_cached: Checking for cached cert…
    (14:41:10) certificate/x509/tls_cached: …Not in cache
    (14:41:10) certificate: Checking signature chain for uid=CN=*.contacts.msn.com,OU=MSN Contact Services,O=MSN,L=Redmond,ST=WA,C=US
    (14:41:10) certificate: …Singleton. We’ll say it’s valid.
    (14:41:10) certificate/x509/tls_cached: Checking for a CA with DN=CN=Microsoft Secure Server Authority,DC=redmond,DC=corp,DC=microsoft,DC=com
    (14:41:10) certificate: Failed to verify certificate for omega.contacts.msn.com
    (14:41:10) msn: Operation {} failed. No response received from server.

  8. Thank you! This worked beautifully.

    But, I notice you specifically say, “If you have an error…today.” Indeed, I’ve never encountered this problem until this morning. Any idea what’s happening to suddenly cause this? Is there a problem at Microsoft’s end?

    Thanks again.

  9. Thanks for the info. Wasn’t working for me, googled the error, and you were there to save me.

  10. Ryan Matte says:

    That didn’t work for me.

  11. Doesn’t work so great on the Windows side. Yet. Something else must be going on with MSN?

  12. Ryan Matte says:

    Ah, I noticed that I had a slightly older version of pidgin so I upgraded and was able to re-generate the cert. Thanks.

  13. 1. Deleted all msn/live/hotmail certificates in the folder
    2. went to https://omega.contacts.msn.com using fire fox (https not http)
    3. right click > view page INFO > Security Tab > View Certificate Button > Details Tab > Export Button
    4. Saved the file to ~.purple/certificates/x509/tls_peers/omega.contacts.msn.com
    5. Reconnected
    6. Perfect

    Thanks 🙂

  14. I decided on my own this was the way to go and then I came across your post… which reassured me. Thanks for the help. Microsoft must have changed something

  15. Thanks! it works now, but in my case the command line was omega.contacts.msn.com”

  16. The author’s fix didn’t work, however Tejota’s fix worked for me. Thank you.

    actually your method didn’t work for me. what did was this:
    http://blog.andreineculau.com/2010/11/pidgin-and-msn-certificate-error-for-omega-contacts-msn-com/

  17. @MoreThanks… that worked for me!

  18. Clinton Goudie-Nice says:

    I needed to delete *.msn.com in that directory for it to work.

  19. Didn’t work for me with Debian 5.0

    What I had to do was grab the SSL certificate using Firefox from the host (https://omega.contacts.msn.com) and import it into pidgin using its certificates menu option.

  20. I had the same problem, couldn’t connect to msn with pidgin. Didn’t do anything and suddenly it works 🙂

    Aint it strange we all have the same problem on the same day?

    Probably just msn who’s freaking out but then again didn’t it always 🙂

    grtz

  21. tejota, 18. November 2010, 15:26 comment worked for me on Win 7, thank u.

  22. Ryan Matte says:

    It only worked temporarily, after a bit it’s suddenly not working. I tried following the same steps again and it’s a no go. Either microsoft is having technical difficulties or they are having another go at booting non-microsoft clients off of their network.

  23. Ryan Matte says:

    …and now suddenly it’s working again. Strange.

  24. Ryan Matte says:

    …and now it’s not working. It’s like the certificates are changing every minute or something.

  25. this didn’t work for me either, but tejota’s link did.

  26. Yes, omega.contacts.msn.com deleted as per details above.

    Full path to the file was C:UsersMYNAMEAppDataRoaming.purplecertificatesx509tls_peers

    Where MYNAME is the name of my profile. You will have to figure your own out!

    I am running Windows 7 Professional and Pidgin/Libpurple 2.7.3.

    I actually found several copy of the certificate when I searched my machine and deleted them all. I had to close Pidgin before I deleted them and restart it. Then the fix took.

    Nice work!

  27. Marco frmo Brazil says:

    Thanks!!! Worked!!!

  28. @Kenji see if there are different certificates in the same folder…

    @everyone: glad for those who fixed it, sorry for those who didn’t :/

  29. @Thomas that “(14:41:10) msn: Operation {} failed. No response received from server.” makes me think MS has more issues to fix…

  30. update: i started having same problem again, and finally decided to made that small change in my account i had to make time ago… switched the protocolo from msn to WLM (you need to install the msn-pecan package – at least, this is how it’s called on Ubuntu – to have that protocol in the list, i think). and it’s working again now.

  31. you da man

  32. @MoreThanks, 18. November 2010, 16:35

    1. Deleted all msn/live/hotmail certificates in the folder
    2. went to https://omega.contacts.msn.com using fire fox (https not http)
    3. right click > view page INFO > Security Tab > View Certificate Button > Details Tab > Export Button
    4. Saved the file to ~.purple/certificates/x509/tls_peers/omega.contacts.msn.com
    5. Reconnected
    6. Perfect

    This worked perfectlly

    ta

  33. Thank you. Apparently this is a pretty common problem; I found posts complaining about this from way back in Jan. 2009.

    Maybe pidgin should delete after a couple of cert. errors and try again? I’ll see if I can find a bug about it.

  34. PinkPanther says:

    I removed omega.contacts…. but still the problem persists. actually it doesn’t produce any new certificate. also this https://omega…. I cannot enter:((
    Help Please!

  35. PinkPanther says:

    I did nothing and it works now!

  36. PinkPanther says:

    Again doesn’t work

  37. Yeh this is screwed man, it was working ok for a while today now it won’t work again.

  38. tejota’s worked for me. Simply deleting the file did not. Thanks!

  39. Worked for me, thanks !

  40. Easier solution: delete the certificate:
    http://morganblakley.net/journal/archives/199

  41. Thank, I have meet the same problem, and solved successfully.

  42. Deleting the file wasn’t working for me, I guess because our network has a proxy and the certificate was got through http and stuck in the proxy cache… I just accessed the content of the txt file and copy-pasted into the proper certificate file, worked like a charm.

    Sometimes I wonder what would it be for us if the community wouldn’t exist… Thanks a lot!

  43. The fix from tejota did the trick 🙂

  44. Correction.. the fix did the trick until I tried to reproduce the cause I discovered yesterday. If I try to alter the group of a contact the error reappeared and I got thrown out of my messenger-account yet again. Reconnect = no go.. Re-applied the fix from tejota and it worked again.

    Any ideas? I will not be editing any groups anytime soon until this is fixed..

  45. thank you!

  46. Didn’t work for me…
    The trick from Tejota made it working again!

    Thanks for the help 😀

  47. For people who don’t klick links:

    For Windows 2000/XP/Vista/7, entering %APPDATA% in your Windows Explorer address bar will take you to the right directory.

    Save this in notepad or something, named omega​.con​tacts​.msn​.com (without the .txt at the end) and replace the one you have in /certificates/x509/tls_peers :

    —–BEGIN CERTIFICATE—–
    MIIGeDCCBWCgAwIBAgIKfdrgSQAIAAHIuTANBgkqhkiG9w0BAQUFADCBizETMBEG
    CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
    CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMSowKAYD
    VQQDEyFNaWNyb3NvZnQgU2VjdXJlIFNlcnZlciBBdXRob3JpdHkwHhcNMTAxMTE1
    MjEyODE5WhcNMTIxMTE0MjEyODE5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UECBMC
    V0ExEDAOBgNVBAcTB1JlZG1vbmQxDDAKBgNVBAoTA01TTjEdMBsGA1UECxMUTVNO
    IENvbnRhY3QgU2VydmljZXMxGzAZBgNVBAMMEiouY29udGFjdHMubXNuLmNvbTCC
    ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnXhdENETaZ8YFfenWCuky3
    Fke/oWgUOEbgvaRuZusd2LnvoSiqH++2lkV0JJlIQ+7jLLN8MY7VhlHQmkLC3x44
    KZn2IktMVgTBGMKnvbyYVAnRsjt/rVhQrQeHVEQzv5WXx//3FKmXWAuJiuRj9PZ2
    KsNqPJgaaa5cuOu4oynO9fH5/ZtJIeUf7bC4Wu++o7jTu5zOhIa7R1buE9FXFF33
    vQ1vHi4p9zR2Pi/i2nUpEnzeNCLl/8F/Tf+658SvIC4EzxrYcj+fit6sAnNUfsOE
    1SIk9YLD+tS0fln1afbcDvH0ib5Xm7u2/o6ZmxQU0mrAkfQectsKpZLJj03neBsC
    AwEAAaOCAvAwggLsMAsGA1UdDwQEAwIEsDBEBgkqhkiG9w0BCQ8ENzA1MA4GCCqG
    SIb3DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwBwYFKw4DAgcwCgYIKoZIhvcNAwcw
    HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBRciAVJ/Vsj
    sAlZoNG/Zs+rILsPNDAfBgNVHSMEGDAWgBQIQuPbThFm87UIxUDbVXwzRhGDODCC
    AQoGA1UdHwSCAQEwgf4wgfuggfiggfWGWGh0dHA6Ly9tc2NybC5taWNyb3NvZnQu
    Y29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMFNlY3VyZSUyMFNlcnZlciUy
    MEF1dGhvcml0eSg4KS5jcmyGVmh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kv
    bXNjb3JwL2NybC9NaWNyb3NvZnQlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBBdXRob3Jp
    dHkoOCkuY3JshkFodHRwOi8vY29ycHBraS9jcmwvTWljcm9zb2Z0JTIwU2VjdXJl
    JTIwU2VydmVyJTIwQXV0aG9yaXR5KDgpLmNybDCBvwYIKwYBBQUHAQEEgbIwga8w
    XgYIKwYBBQUHMAKGUmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3Jw
    L01pY3Jvc29mdCUyMFNlY3VyZSUyMFNlcnZlciUyMEF1dGhvcml0eSg4KS5jcnQw
    TQYIKwYBBQUHMAKGQWh0dHA6Ly9jb3JwcGtpL2FpYS9NaWNyb3NvZnQlMjBTZWN1
    cmUlMjBTZXJ2ZXIlMjBBdXRob3JpdHkoOCkuY3J0MD8GCSsGAQQBgjcVBwQyMDAG
    KCsGAQQBgjcVCIPPiU2t8gKFoZ8MgvrKfYHh+3SBT4PC7YUIjqnShWMCAWQCAQow
    JwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATANBgkqhkiG
    9w0BAQUFAAOCAQEAbbWUY/5r/Tv/kefqNUT5aGVejrkbG4229gnJLcv+uQTEg0Gg
    xfvLr77N1z2j57FameJwz6DeTRbK8MYVPoP+z5o4vM3F3GxLm7aBklYQ/7G0TIp/
    13z01a5aBGvZH8umzex3YrAnhJEcucSN5WaT6r9uwT7imdbsCgfFPdiIgS5iHdcl
    k/3QSpau+4/XZgh/8V/FMN9KEFYGvEhMb5EVzKJ8pqF9Jy9Mfzqev3BtSREiljCt
    lJuiRamxWgQoeNVTAI+J2YAsD8Qon1iZiHl08uHdgXWZiGDtLPcd9aIiL7/vi/+D
    7w3bhyHPFr+/13BCIWSfKnSRj/g6YoHnhF4gyQ==
    —–END CERTIFICATE—–

    Log out, log in again.

    Thanks to http://blog.andreineculau.com/2010/11/pidgin-and-msn-certificate-error-for-omega-contacts-msn-com/

  48. The certs are in the following folder…

    ~.purple/certificates/x509/tls_peers/

  49. Hey thanks this worked after i deleted all the files from the Documents & Setttingsapplication datapurplecertificates/x509/tls_peers/omega.contacts.msn.com

    It worked fine after i recoonected deleting all msn & hotmail file.

    Cheers

  50. Permanent fix from Pidgin developer team:
    http://developer.pidgin.im/ticket/12906#comment:39

  51. Deleting Documents & Setttingsapplication datapurplecertificates/x509/tls_peers/omega.contacts.msn.com worked for me.

  52. New Pidgin 2.7.6 was released with the fix for this problem. Just download that.

    http://pidgin.im

    ———————————-

  53. I had this issue…All I did was go to tools // certificates// delete the omega… cert shut down and reconnect. it worked for me.

  54. I’ve deleted the cert, let Pidgin download it again, worked once, but the same problem reappeared and could not be fixed by letting Pidgin download the cert again. Downloaded the cert myself (locations enough in posts above), put it in the cert folder and made it readonly. See if the problem reappears.

  55. hello!
    pidgin 2.6.6 on ubuntu (lucid) here.
    getting certificate error but I get logged in and I am able to chat.

  56. updated pidgin to 2.7.5 – getting cert error anyway
    going to search old cert to delete it
    Ubuntu 10.04 LTS – the Lucid Lynx

  57. In Ubuntu 10.04 lts I ran Pidgin 6.6.6:

    1. Made sure my status was “offline” in Pidgin
    2. Tools > Certificates
    3. Selected the omega.contacts.msn.com (and another certificate which was obviously MS related)
    4. Hit delete.
    5. Waited a couple of minutes and set status to online.

    Problem solved!
    Pidgin seemed to regenerate the certificate.

Trackbacks

  1. […] to the fix in the comments at diarizing.com, if Pidgin won’t connect because of a certificate error, […]

Speak Your Mind

*