MSN + Pidgin +


Pidgin users with MSN accounts may have been experiencing problems connecting. It seems they have changed their certificate. The solution seems to be to manually delete the certificate, either by going to "Menu -> Tools -> Certificates" or by doing something like:

rm .purple/certificates/x509/tls_peers/ In my case I used "mv" so I could keep the old ones for reference..

It seemed to work, but then the next day I had to do it again, I checked the certificates and found out the following:

The certificate that expired was valid from Tue Dec 1 22:45:11 2009 till Wed Dec 1 22:45:11 2010. The one I got the other day after moving this one is valid from Wed Jun 23 03:06:48 2010 till Thu Jun 23 03:06:48 2011, and after getting the same issue again and mv again the certificate I received a new one valid from Mon Nov 15 22:28:19 2010 till Wed Nov 14 22:28:19 2012.. .

I am going to guess there is an issue with their servers not using the same key every time, and I am going to guess that the official MSN client uses more than one certificate so it can switch from one to another depending on the server you connect to with giving the user any alert. .. .(yeah this does seem to not fit with the whole idea of the certificate.. . then again what do I know).. anyway, the three certs I got so far have these SHA1 fingerprints:

The one I originally had
The one I got a couple of days ago
The one I just got now

It almost looks like MSN got a Man In The Middle attack or something strange like that, maybe their private key got leaked so they changed it quickly thinking nobody would notice ? No official information to be found (if someone knows of any official information let me know).


It seems that there is a patch for Ubuntu and it seems their solution was to manually add certs and stuff like that.. All this because MSN has/had an issue with their servers issuing different certificates at the same time.. Or something like that (MITM)..

Leave a comment
You may use the following HTML tags: <p> <a> <strong> <b> <em> <i> <cite> <blockquote> <code> <pre>

Your comments WILL NOT be submitted to any third party (not even for anti spam verification).