Empathy gives ‘untrusted connection’ certificate warning when connecting to Facebook via XMPP

Empathy users may have experienced a rather annoying problem if connecting to Facebook via XMPP using Empathy. This problem may affect other services too, such as Gwibber, but I’m not using Gwibber — so I’m only writing about this.

When trying to connect, you’ll receive a message like the following:

Even if you check “Remember this choice for future connections”, you’ll still get it next time you launch Emapthy.

It seems the root cause is a certificate not being installed in ca-certificates during installation. The original issue and solution are described in Launchpad bug #746973, and is root caused in Launchpad bug #742889.

I’ve rewritten the solution here with some adjustments to the steps for clarity and where instructions were incomplete or needed explanation.

Start by opening Firefox to get the correct certificate out of the certificate store.

In Firefox, go to edit > preferences > advanced > encryption > view certificates > authorities

Scroll down to DigiCert Inc, and find “DigiCert High Assurance CA-3″

Click “Export” and save the file somewhere you can find it later.

I called it DigiCertHighAssuranceCA-3.crt (you will probably have to add the extension, which is important).

It automatically exports in PEM (X.509) format, which is what we need.

Verify by opening a terminal and typing

file DigiCertHighAssuranceCA-3.crt

You should get:

DigiCertHighAssuranceCA-3.crt: PEM certificate

Now, become root (sudo su) and execute the following commands to move the file to the ca-certificates installation source:

mv DigiCertHighAssuranceCA-3.crt /usr/share/ca-certificates/mozilla
chown root:root /usr/share/ca-certificates/mozilla/DigiCertHighAssuranceCA-3.crt
dpkg-reconfigure ca-certificates

Select “yes”, then scroll down the list and place a mark (using the space bar) next to the certificate we just added. Press the TAB key to move the cursor to OK then press space again to confirm.
You will likely see output similiar to the following:

Updating certificates in /etc/ssl/certs... 
WARNING: Skipping duplicate certificate brasil.gov.br.pem
WARNING: Skipping duplicate certificate Go_Daddy_Class_2_CA.pem
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
updating keystore /etc/ssl/certs/java/cacerts...
added: /etc/ssl/certs/DigiCertHighAssuranceCA-3.pem
done.
done.

Confirm that it’s fixed by exiting empathy if you had it opened (Chat > Quit) waiting a moment or two and then restarting it. You should automatically be signed into Facebook XMPP without the certificate warning.

Questions, comments, and feedback about this are welcome and appreciated.

, ,

  1. #1 by Don Constance on April 13, 2011 - 2:43 pm

    Oh yes, that’s fixed it. Thank you very much for your concise instructions.

  2. #2 by paff on April 14, 2011 - 1:30 am

    Thanks, Your soulution worked just fine :P

  3. #3 by newport on April 14, 2011 - 9:33 am

    Worked perfectly, thanks providing such clear directions.

  4. #4 by Andy on April 14, 2011 - 9:08 pm

    Thank you for your detailed instructions, it worked perfectly.

  5. #5 by Jano on April 17, 2011 - 9:24 am

    thanks!

  6. #6 by postadelmaga on March 25, 2012 - 10:56 am

    Not working in 11.10.
    If I use unity I don’t need to do anything …
    If I use another DE like e17 I got the message, I followed the guide but this did’t fix

  7. #7 by seetchoo on December 16, 2012 - 4:29 am

    Thanks, It worked perfectly on Debian wheezy.

  8. #8 by seetchoo on December 17, 2012 - 4:40 am

    It worked for two days but now empathy still keeps asking about the certificates :(

Follow

Get every new post delivered to your Inbox.

Join 34 other followers

%d bloggers like this: