the main  /  Contract  /  Installing certificates in cryptopro from flash drives. How to install a personal certificate? How to put a new certificate for surf

Installing certificates in cryptopro from flash drives. How to install a personal certificate? How to put a new certificate for surf

Contract
13.06.2021

Good afternoon dear friends! I want to raise an important topic today: how to establish a certificate in the registry. Now each accountant is familiar with electronic signatures, it works with them anyone who sends reporting. The installation process is similar and not difficult, but many people forget as it is done, given the fact that many establish one, the maximum of two signatures per year. Therefore, I decided to make a crib, exclusively for my readers. Baister!

If you can't solve this problem yourself, then you can go to the section and our experts will help you.

To successfully install the signature we need:

Computer on the operating systemWindows (preferably 7 and higher)

- Crypto-pro ()

- Flash drive

- Certificate (open and closed key)

A bit of theory. If you do not have crypto-pro, then you will have to purchase it, it is not very expensive and the license is bought once, at one workplace. But what to do if the statements need to pass tomorrow, but there is no time to buy a license? Guys from crypto-pro not greedy and give you 3 monthswork with their program for free! Therefore, we can still send a report, and then buy a license.

Now we need to install Crypto-Pro if you do not know how this is done, then read here.

I will say right away, we will consider the way when you have an open and closed key. And we will make installation not with tokens, not withJacarta, namely with flash drive. As the certificate is established from the tokens and other protected media, I will tell later when I have these media on my hands.

with flash drive

Now let's see what our certificate looks like. It consists of a closed key and open.

Copy both files on a flash drive, be sure to go to the root of the flash drive. That is, it is impossible to hide the open and private key to the folder, only to the root! Installation must be made with a flash drive.

Now open the Crypto Pro program. You can find it in the "Start" menu.

The crypto-pro program will open and go to the "Service" menu.

Install a closed key to the registry and flash drive

Now we need to copy the closed key to the registry. To do this, click on the "Copy" button.

At this stage, we need to choose a medium on which the private key is stored. To do this, click the "Overview" button. So as not to get confused with closed keys, I advise you to pull out all the tokens from the computer,Jacarta, extra flash drives and so on. Leave only the flash drive on which we have a private key.

Choosing our USB flash drive. In my case, this is a diskH. Well, I have flash drive one, Therefore, it is not difficult to choose.

Go to the next stage, we need to call the container. How do you call it no matter. Better write the name of the organization so that you will not get confused.

Now we ask where to install the closed key. This is an important stage! If you want the certificate to be stored on a computer, you choose the registry.

If you want the closed key to be stored on a flash drive, then choose the flash drive, in my case it is a discH.

I will explain the difference. If you put a closed key to the registry, then you can use the certificate at any time convenient for you. If you put a closed key to the flash drive, you will need to work with the certificate so that the flash drive is inserted into the USB port. That is, if you do not want someone to use this certificate without you, put a closed key on the USB flash drive, and there is no flash drive, no one can use the certificate. If you do not need such protection measures, then put in the registry. And so and so.

Now enter the password. I never enter the password to not forget it. No password - nothing to forget. If you want to protect yourself, you can enter a password. Then click "OK".

Everything! The closed key was installed, moving to the open.

How to install an open key in the registry

Again, we need a Crypto-Pro Tab program.

Click "Set Personal Certificate".

Now we need to choose our public key, press the "Overview" button.

We choose our certificate that we have a flash drive. Then click "Open".

We see general information about the certificate. Click "Next".

Now we need to tie an open and private key. This is done very simple. We put a tick "Find Container automatically". If you have done everything right in the previous steps, the closed key will tighten automatically.

Now again an important stage. We put a tick "Install the certificate (chain of certificates) in the container." This will give us intermediate certificates that I will not tell it, but without this chain there will be no certificate. So checking be sure to place.

Now click "ready."

Everything! The registry certificate is set.

Let's check it. Go again in the "Start" menu. Choose the crypto-pro folder. In this folder, select the "User Certificates" section.

A window will appear with folders. We are interested in the "Personal" section, then choose "Certificates". In the right window, all certificates you have installed. Here we are looking for the certificate you need. If he is there, then the installation was successful!

When you received all the data on your electronic signature on your hands, you need to figure out how to install the EDS certificate. Before making any actions relative to the EDS keys, it is necessary to provide an operating system with the ETOKEN support and digital signature modules.

Installing the root certificate of the certifying center

Installing the EDS begins with downloading a key file called the root certificate. It is on electronic media (flash card).

Before downloading, make sure that it is credible. Reveal the document with the extension "CER", open the "Composition" tab and the "imprint" item and make sure that the alphanumeric value appears on the screen corresponds to the desired combination.

The installation of the installation requires logging into the operating system in the status of the administrator and disclose the file that was checked. We find the "General" tab. From the proposed list, you stop at the "Install Certificate" item. The procedure is made by launching the Installation Wizard program, which requests approval to continue. I confirm.

The following actions depend on the existing operating system. Windows XP automatically selects the storage for the certificate based on its type. The version "7" and "Vista" is not endowed with this option. Therefore, click the position "Place in the repository". Through the "Overview" function set the selected location. Click "Next" and "Finish". The message "Import is successfully manufactured" appears.

Establishing a Personal Signature Key Certificate

We enter the system under the name of the user who will work with the signature installed. In the "Start" menu, open the "Control Panel", hereinafter - the program of operation with EP. Press the right button. We see tabs:

  • "safety";
  • "additionally";
  • "Algorithms";
  • "equipment";
  • "Service" (on it and stop).

Installing the Certificate of the EDS requires the selected item from the proposed options regarding the personal certificate. The installation wizard opens. Click "Next". A window will pop up, which requires you to specify the path to a file with a personal certificate (it was obtained in the UC). His name usually consists of the date of creation and the name of the signator and may have the expansion of "P7B" or "CER".

Next you need to learn how to unload the EDS certificate. Specify the path with the "Overview" button. We continue by clicking "Next". In the window that opens, select the EP key container, which corresponds to the certificate installed. Insert Etoken to USB port. Using the "Overview" function, we find the reader that contains the key carrier. In the drop-down list, open the item whose name ends at the "Service Provider". Click the "Next" button.

The installer will require to enter an ETOKEN access password. Usually it consists of ten characters and is initially standard, for example - 1234567890. The password must be changed to its own. In the Certificate Storage Selection window, click the "Overview" button, select "Personal". Click "Next" and "Finish".

Work with an updated certificate

Before installing a new EDS certificate, you need to remove the old one. This will make it possible to exclude in further work with the system error certificate when choosing the desired one.

Insert the key with the updated certificate in the PC. Run the basic program to work with EP. To do this, go through the path "Start" and choose "All Programs".

Open the "Service" menu, hereinafter - "revise certificates in a container". In the pop-up window, click "Review". We find a container, click "OK", "Install". A message about a successful installation appears. Click "OK" and "ready." The new certificate is successfully installed.

Activation of signature

After successful installation, you need to activate your electronic signature. How to activate the EDS? This operation does not require much time and effort and occurs according to such a scheme:

If everything goes successfully, after clicking "Check" we see messages:

  • the request is filed;
  • application is confirmed;
  • the certificate is released.

After that, a familiar button "Overview" and "Confirm" will appear.

Separate nuances

The question of how to set the EDS key can occur while working with EP keys in the form of ETOKEN or placed on flash cards when you need to overwrite the key to the registry. Such a need may appear if many EP are used on one PC. To carry out such actions, we connect the registry media into the program of working with EP and write a container here for subsequent use without a portable media.

Many are wondering how to establish the EDS for the state registry. The status of the official UC project "E-Government" was endowed with OJSC Rostelecom. It manufactures certificates for the registry of administrative services. Therefore, when installing EP, you need to be guided by its instructions.

The introduction of modern identification tools is a huge step in the development of electronic document management. Many believe that the development of such a direction does not have a practical meaning that the use of such funds is necessary only to a small number of users and nothing exceeds a simple signature in reliability and convenience, but this is not so.

The electronic digital signature allows you to determine the accuracy of the individual with digital document flow, which significantly increases its effectiveness and saves time and money.

Electronic digital signature (or EDS) is, in fact, electronic propswhich allows you to protect the digital version of any document from the fake. The legislator determines the EDS as an analogue of his own signature, which is used to identify the personality in electronic document flow.

In practice, several EDS options are used.

Does not contain cryptographic protection elements. Security is provided by using the login, password and connection codes.

In general, it is used only to actually identify the user, but not used to protect a specific document.

Such a signature can still assure documents, however, it is necessary to fulfill certain conditions:

  • adding to a specific document;
  • use complies with the internal rules of document management;
  • availability of data on the identity of the sender of the file.

Unqualified Refers to a strengthened signature, but its degree of protection is less than that of a qualified one. However, in this case, cryptographic protection methods are already used. The use of such a signature allows not only to sign the document, but also make changes to it followed by their confirmation.

Qualifiedi am considered the most protected option. Cryptographic protection methods are used, the confirmation of which is made by special authorities. The use in practice is difficult, but there is a certain plus - reliability. Connect such a signature only in a special certifying center.

When signatures, such a seal is equated with a paper analogue signed by an official with a special print.

Methods, services and check results

The use of EDS is undoubtedly practical and convenient. However, each user must have the skills to check its accuracy that will be secure from possible violations from counterparties.

The check is not much difficult. To do this, it is enough to use one of several services. So, you can check the authenticity of the document signed using the EDS, by downloading it to the site Crypto.kontur.ru.

This service will allow you to quickly analyze the document and get the result. To use it, you must adjust the computer accordingly, but it is not difficult, you just need to follow the instructions of the site.

If you can not install the EP on your computer, it is worthwhile to contact the certifying centers. At the end of their work, an act of installation of the electronic signature is drawn up.

The second service provided by the GOSS services portal is also not difficult to use. According to the link www.gosuslugi.ru/pgu/eds you can download the file, signed by the EDS, and the service will check its authenticity.

With the help of the service www.iecp.ru/ep/ep-verification, you can check no longer a document, but the signature itself. You must upload the file of the appropriate format, the system will check:

  1. Certificate validity period.
  2. Is there no signature in the list of recalculated.
  3. Does the EDS belong to the number issued precisely accredited centers.

The most popular method of checking is to check through the Public Services portal. However, there are many more services that are approximately the same in its effectiveness.

In general, the test methods can be divided into two types:

  1. Check document signed by EDS.
  2. Check the EDS itself.

To ensure the greatest efficiency, it is recommended to use both methods. In addition, it is periodically necessary to check the EDS itself in order to exclude its invalidity.

Another way to check the EDS is to install the appropriate program on the PC. Usually used Cryptopro Due to many full-fledged functions for working with EDS.

The result of any check is confirmation or unconfirmation of the authenticity of the EDS or the document, signed. Such services simply need to be used to work, as they fully allow us to ensure the safety of electronic document management.

If the work is done on a permanent basis, the use of software from cryptopro is recommended.

How to install EDP

To install EP on a PC, you will need to download the appropriate software and follow the instructions.

Programs

First of all, you need to install on a computer cryptopro CSP program. Further:

  1. Run the program any of the ways. As an option - open the control panel, the "Programs" menu and find it necessary, or find it through the search if the location is not known. Run is made on behalf of the administrator.
  2. After starting the program, a window will appear in which you want to find the "Service" tab.
  3. Next, looking for the "View Certificates in a Container" menu.
  4. A "Overview" window appears, in which you can familiarize yourself with the information on the name of the container and the reader. Click OK.
  5. In the next window, "Certificates in a closed key container" do not need to make any actions. Just skip it by clicking below.
  6. A window will appear with user data. You need to select "Properties".
  7. We establish a new certificate, to do this, select "Install Certificate".
  8. In the next window, do not produce anything and just click "Next".
  9. Next, you need to select "Place all certificates to one repository" item, for this click "Overview" and select the "Personal" folder.
  10. The last step is pressing "ready."

Plugins

There is also a useful plugin from cryptopro, which allows you to create and verify the signature on web pages. Cryptopro EDS Browser Plug-in It can work with any modern browser, including chrome and yandex.

Many believe that it is necessary to use Internet Explorer to work with the EDS, but it is not. It is enough that the Internet browser supports Java.

This plugin allows you to:

  1. Sign documents for electronic document management.
  2. Complete these web forms.
  3. Create any files sent from the user's computer.
  4. Sign messages.

With the help of the plug-in you can check both ordinary EP and improved. Important plus is that it spreads completely free.

To install the plugin, no special skills will be required, everything happens in automatic mode. You just need to run the installer file, then select "Run", "Next" and "OK". The program will do everything herself.

If any difficulties arise with the installation or operation of the program, you can always seek help in the company where the signature is purchased. In most cases, they give detailed instructions and assist in telephone mode.

Setup and activation

For full-fledged work, the EDS requires its correct setting and activation. To do this, it is necessary, except for installing a cryptopro program and the corresponding plug-in, establish a number of system programs and driverswhich will provide stable work.

  1. First of all, the drivers are installed router. To do this, you need to start the installer file, sewing an electronic ID of USB. After starting to follow the instructions of the program.
  2. After installation, restart the computer and connect the identifier. The system automatic will detect it.
  3. Next is the CSP cryptopro. This step was described in the previous section.
  4. After these manipulations, you must install the root certificate. It needs to be downloaded from the Certification Center website. Then you need to find among the downloaded Cacer.p7b file, click on it with the mouse, right-click, and select "Set the certificate". Click Next, then select "Place certificates in one repository", then "Review" and select "Trusted Root Certification Centers". Then "Next" and "Finish".
  5. If a pop-up window appears, it will be necessary to press "Yes" several times, then "OK".
  6. The next step is to install a personal certificate. Click on the start and looking for CSP cryptopro. Select "Service" and "View Certificates ...", after which "Review". We choose and accept. After adopting, a pop-up window appears, in which the PIN of the electronic media should be entered, then click "Set".
  7. The next important step is to bind the key to the certificate. As a rule, it occurs in automatic mode, if not, you should guide the instructions of the certifying center.
  8. You should also install a Capicom that is distributed free on the macroft website. The installer file needs to be launched and follow the instructions.

Proper setup of the electronic signature will avoid multiple problems. Therefore, all the steps must be made extremely carefully. If any questions occur, it is better to contact the Certification Authority.

Detailed instructions for installing and activating the Cryptopro program can be found below.

FAQ

How reliably the use of EDS?

The reliability of the application of the electronic signature is at a sufficiently high level, the usual EDS is equal to the proprietary signature. It is almost impossible to hack the system, and the chance of her fake is much lower than the chance of feeding his own signature.

Is it relevant to the receipt of EP to a physical face?

The FZ can use the signature in any electronic document flow. In addition, the use of such a signature significantly expands the capabilities of the portal of public services.

How much is the EDS?

The cost of the electronic signature is not very high. It will cost a physical face about 1000 rubles, the maximum cost for Yul is up to 2500 rubles.

How to install and configure Ructane, you will learn from this video.

To install, you will need a certificate file (file with extension.cer). To install the certificate, it is enough to perform the following steps: Select "Start" / "Control Panel" / "CSP Cryptopro". In the window "CRPTOPRO PROPERTIES CSP" Go to the tab "Service" and click on the button "Install a personal certificate" (See Fig. 1). Fig. 1. Window "CSP Cryptopro Properties" in the window "Certificate Import Master" Press the button "Further". In the next window click on the button "Overview"To select a certificate file (see Fig. 2).
Fig. 2. The certificate file selection window must specify the path to the certificate and click on the button. "Open" (See Fig. 3).
Fig. 3. Selecting a certificate file in the next window you must click on the button "Further", in the window "Certificate for viewing" Click on the button "Further". Choose "Overview"To specify the appropriate closed key container (see Fig. 4).
Fig. 4. A closed key container selection window Specify a container that matches the certificate and confirm the choice using the button. "OK" (See Fig. 5).
Fig. 5. The key container selection window after selecting the container, click on the button. "Further", check the tick opposite the inscription "Install the Certificate of Container" (See Fig. 6). In the window "Selecting certificate repository" Click on the button "Overview" (See Fig. 6).
Fig. 6. Selecting certificate storage must select a repository "Personal" and