I am getting the following error on Pidgin 2.10.10-3.fc20 (libpurple 2.10.10).
How can I force it to accept an invalid certificate?
(According to this bug report it should be capable).
Here's what I have done:
- visited the domain on Firefox, and exported the certificate
- imported the certificate on Pidgin tools->certificates
- Imported the certificate on seahorse (gnome keyring GUI)
As an alternative you can download the ssl certificate by hand. Afterwards pidgin starts without problems. To download the certificate you can use the openssl command line utility.
When the above command fails with "no peer certificate available" then maybe the server uses STARTTLS instead of SSL. In this case use the following command:
Now copy the part beginning with "----BEGIN CERTIFICATE----". If you print the content of the certificate file it looks like the following:
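The procedure above as shell functions, added here as an example and not taken from the original answer: fetch the server certificate with openssl (direct TLS, or STARTTLS for XMPP), keep only the first PEM block, and copy it into Pidgin's peer store. The host name, ports and function names are assumptions; the tls_peers path is the one quoted elsewhere on this page.

```shell
# Added example. chat.example.com and the ports 5223/5222 are constructed values.

# Print only the first PEM certificate block found on stdin (the server's own
# certificate in `openssl s_client` output), dropping the handshake chatter.
extract_first_pem() {
    awk '/^-----BEGIN CERTIFICATE-----$/ && !seen { on = 1 }
         on { print }
         /^-----END CERTIFICATE-----$/ && on { on = 0; seen = 1 }'
}

# fetch_cert HOST PORT [starttls]
# Direct TLS by default. Pass "starttls" for servers that upgrade a plain XMPP
# connection (the "no peer certificate available" case). Output is empty when
# no certificate was received, so check the result with `[ -s file ]`.
fetch_cert() {
    host=$1; port=$2; mode=${3:-tls}
    if [ "$mode" = starttls ]; then
        openssl s_client -connect "$host:$port" -starttls xmpp </dev/null 2>/dev/null
    else
        openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null
    fi | extract_first_pem
}

# Print the SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# pin_cert HOST PEMFILE [DESTDIR]
# Copy the certificate into Pidgin's peer store under the server name Pidgin
# reports (assumption: the file name is the connect server's host name).
# Refuses files that do not hold exactly one certificate block.
pin_cert() {
    host=$1; pem=$2; dest=${3:-$HOME/.purple/certificates/x509/tls_peers}
    [ "$(grep -c '^-----BEGIN CERTIFICATE-----$' "$pem")" -eq 1 ] || {
        echo "expected exactly one certificate in $pem" >&2; return 1; }
    mkdir -p "$dest" && cp "$pem" "$dest/$host" && chmod 600 "$dest/$host"
}

# Usage:
#   fetch_cert chat.example.com 5223 > chat.pem
#   [ -s chat.pem ] || fetch_cert chat.example.com 5222 starttls > chat.pem
#   cert_fingerprint chat.pem
#   pin_cert chat.example.com chat.pem
```

Compare the output of cert_fingerprint with a fingerprint obtained from the server operator over a separate channel before calling pin_cert, since a certificate fetched over the network is only as trustworthy as the path it came over.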
Turns out there's a bug with certificates in Pidgin 2.10.10 (libpurple 2.10.10):
Upgrading to 2.10.11 fixes the issue. If you're using an older Ubuntu version like me, you can use the PPA (12.04, 14.04 and 14.10)
It seems to be important that the name you enter when importing the certificate via Tools→Certificates matches the connect server in the XMPP account configuration. This is the only way I was able to get it to work for the same error.

Another workaround is to import the name of the server specified in the error like myserver.chat.com. For example:
- Open the Firefox browser and put the URL: HTTPS://myserver.chat.com, you'll get an error:
- Select the Advanced option, then Add Exception. A popup for the certificate will open.
- Then click Advanced -> Details -> Export
- Save the certificate somewhere
- Open Pidgin, go to Tools -> Certificates -> Add
- Now save the certificate with the same common name as the error in the beginning.
- Finally, try to reconnect.
Easy Way,
(Windows: %appdata%\.purple) (Linux: /home/<Username>/.purple/certificates/x509/tls_peers)
P.S: Windows users who aren't familiar with %appdata% just type %appdata%\.purple in your address bar and press enter.

You can use Pidgin-developers PPA to resolve it. I installed pidgin packages and libpurple from that source and it solved my problem with accessing Lync 2013 resources. Now it can automatically allow certificates (show dialog to accept or reject unknown certificate). Have you tried that? If you used 15.04 there is also a workaround to download a few packages and replace old ones with new. I tested it on 15.04 already, it works.
I was able to get around the certificate issue by manually replacing it with a saved copy a couple of times. Stopped working after that, and upgrading to 2.11 didn't seem to help.
If you build from source, one thing to try is to modify the source code for libpurple/certificates.c; moving the PURPLE_CERTIFICATE_FATALS_MASK check under the PURPLE_CERTIFICATE_NON_FATALS_MASK check to prompt the user but allow the certificate if accepted. Probably not the safest thing to do, but worked for me.
Force pidgin to download new certificates.
Close and re-open pidgin.
Now this should list newly downloaded certificates.