Force Pidgin to acept an invalid certificate
As alternative you can download the ssl certificate by hand. Afterwards pidgin starts without problems. To download the certificate you can use openssl command line utility.
~/.purple/certificates/x509/tls_peers$ openssl s_client -connect YOUR_SERVER:PORTNUMBER
When the above command fails with "no peer certificate available" then maybe the server uses STARTTLS instead of SSL. In this case use the following command:
~/.purple/certificates/x509/tls_peers$ openssl s_client -connect YOUR_SERVER:PORTNUMBER -starttls xmpp
Now copy the part beginning with "----BEGIN CERTIFICATE----". If you print the content of the certificate file it looks like the following:
~/.purple/certificates/x509/tls_peers$ cat jabber.ulm.ccc.de
-----BEGIN CERTIFICATE-----
MIIFXDCCA0QCCQCa5jxvwccm0DANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJE
RTEMMAoGA1UEBxMDVWxtMRUwEwYDVQQLEwxDQ0MgRXJmYSBVbG0xGjAYBgNVBAMT
EWphYmJlci51bG0uY2NjLmRlMSAwHgYJKoZIhvcNAQkBFhFqYWJiZXJAdWxtLmNj
...
3EIpMVk3V1djyj0FEuDaG/o+6BTLCiIMiIUFtbpVz8YZChHbv8ObMJ5JpUIkDfKZ
si1YZKpUYwpVXgTCUml67lArx/sq95OQsDSO3fR1Ch0=
-----END CERTIFICATE-----
Turns out it there's a bug with certificates in Pidgin 2.10.10 (libpurple 2.10.10):
In version 2.10.10 it's no longer possible to connect to a XMPP server which uses a self signed SSL certificate. The error message is: The certificate for could not be validated. The certificate chain presented is invalid.
The connection is possible if the server certificate is already in the local cache (.purple\certificates\x509\tls_peers). If the certificate is not cached yet (e.g. after a fresh windows/pidgin installation) the connection fails.
Upgrading to 2.10.11 fixes the issue. If you're using an older Ubuntu version like me, you can use the PPA (12.04, 14.04 and 14.10)
It seems to be important that the name you enter when importing the certificate via Tools→Certificates matches the connect server
in the XMPP account configuration. This is the only way I was able to get it to work for the same error.