Trac is being migrated to new services! Issues can be found in our new YouTrack instance and WIKI pages can be found on our website.

MSN Certificate Error

MSN recently changed the certificate used on some of their servers. This certificate is used to negotiate a secure socket layer (SSL) session, an encrypted connection, between the client (Windows Live Messenger, Pidgin, etc.) and the server(s).

Unfortunately, this new certificate is signed by a root certificate that Pidgin does not provide. You may not experience any problems if your distribution provides the root certificate and has configured Pidgin to use it. If you do experience a problem, you'll see one of these error messages:

Unable to validate certificate:
The certificate for local-bay.contacts.msn.com could not be validated. The certificate chain presented is invalid.

or:

Unable to validate certificate:
The certificate for local-blu-people.directory.live.com could not be validated. The certificate chain presented is invalid.

If you're reading this page, you're probably experiencing this problem. Here is the solution.

How Do I Fix It?

Upgrade to Pidgin 2.10.7 or newer

Note: Pidgin 2.10.7 has not yet been released, but you should upgrade when that happens.

If upgrading is not possible

If you can't upgrade to Pidgin 2.10.7 or newer, then here's how to partially fix the problem.

Note that while we verified the certificates we instruct you to download below, there is always a risk involved in downloading certificates, especially ones you have not personally verified, from a website and adding them to your trusted CA store. Ordinarily you should avoid this practice. Instead of following the instructions below, we strongly recommend upgrading to Pidgin 2.10.7 or newer, which include the certificates and other fixes.

Get the new root certificate

If you have followed other (incorrect) instructions to replace the 'local-bay.contacts.msn.com' or 'local-blu-people.directory.live.com' certificate, then you must delete that certificate from Tools->Certificates first.

Download Baltimore_CyberTrust_Root.pem, then follow the appropriate set of directions below.

Windows

  • Save the files to C:\Program Files\Pidgin\ca-certs (or C:\Program Files (x86)\Pidgin\ca-certs as appropriate)
  • Restart Pidgin

Linux

  • Save the files to /usr/share/purple/ca-certs (or /usr/local/share/purple/ca-certs as appropriate)
  • Restart Pidgin
Last modified 11 years ago Last modified on Jan 22, 2013, 12:30:29 AM
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!