Why doesn't CryptoPro see the certificate? How to install a personal certificate in crypto pro

List of documents for a legal entity:

1. Extract from the Unified State Register of Legal Entities (USRLE) no older than 30 days.

2. Passport

3. Company details

4. SNILS (Insurance certificate of state pension insurance)

5. TIN certificate

List of documents for an Individual Entrepreneur (IP):

1. Extract from the Unified State Register of Individual Entrepreneurs (USRIP)

2. Passport

3. SNILS (Insurance Certificate of State Pension Insurance)

4. TIN certificate

List of documents for an individual:

1. Passport

2. TIN certificate

2. SNILS (Insurance certificate of state pension insurance)

2. A window pops up: "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine."

If, when working on the website roseltorg.ru, a window pops up: “Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine” You need:

1. Click on the yellow bar under the site address with the text “This website is trying to install the following add-on: “CAPICOM User Download v2.1.0.2” from “Microsoft Corporation”. If you trust this website and add-on and want to install it , click here...";

2. Select "Install ActiveX control";

3. Click on the "Install" button; This procedure must be performed until the window with this message stops popping up (this is individual for each computer). This is a one-time setup.

3. How to install a personal certificate?

Installing a personal certificate (your organization's certificate) can be done in the following way:

Via the "View certificates in container" menu

1. Select Start / Control Panel / CryptoPro CSP, go to the Service tab and click on the button View certificates in a container(see Fig. 1).

Rice. 1. “CryptoPro CSP Properties” window

2. In the window that opens, click the Browse button to select a container to view. After selecting the container, click on the OK button (see Fig. 2).

Rice. 2. Window for selecting a container to view

3. In the next window, click on the Next button.

Rice. 3. “Selected private key container” window

4. If the version of CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then in the window that opens, click on the Install button, and then respond affirmatively to the notification about replacing the certificate (if it appears).

Rice. 4. Certificate viewing window

5. In the window that appears about the successful installation of the certificate, click OK

Rice. 5. Window “Message about successful certificate installation”

6. then press the ready button

Rice. 6. Window for viewing the selected certificate

5. Close the CryptoPro CSP window by clicking OK

Detailed information on installing the certificate is available at the following link.

4. How to set up email.

Configuring security settings for Outlook Express is carried out according to the following scheme:

1. Select the menu item Tools -> Accounts and open the Mail tab.

2. In the displayed list of accounts, select the one you want to configure and click the Properties button.

3. In the displayed dialog, select the Security tab, which allows the user to specify his personal certificates, which will be used when selecting the user’s personal keys for generating an electronic digital signature and decrypting incoming messages. The certificate selection dialog only displays certificates that have a matching email address and are allowed for email security

5. In the displayed dialog, select the Security tab:

6. In the displayed dialog, set the following modes:

a. Always encrypt messages when sending encrypted mail . Setting the enable mode allows the sender to decrypt the messages he has sent.

b. Include my digital ID when sending singed messages. Setting this mode to automatically add the sender's certificate to all messages. This mode allows you to exchange certificates using a signed message, and then use the resulting certificates to subsequently encrypt messages between recipients.

c. Send messages with an opaque signature / Encode message before signing. When Message Mode is enabled, all attachments will be combined into a single attachment with a digital signature included. If the mode is disabled, the signature is generated as one separate attachment for all attachments.

d. Automatically add sender certificates to my address book. When enabled, certificates sent as part of a signed message will be automatically added to the address book.

e. Check for revoked Digital Ds:

i. only when online. Installing a verification token means that each operation of generating or verifying an electronic digital signature will be accompanied by a certificate revocation check. To check for revocation, a Certificate Revocation List (CRL) is used, information about the location of which is recorded as an addendum in each user’s certificate. By default, this option is not enabled, and Outlook Express does not track whether user keys have been compromised.

ii. Never/Never.

No revocation check is performed.

5. How to sign a document.

There are 2 types of sending a signed document.

The first way is to sign the document itself and the second is to sign the entire letter.

To create and send a signed message:

1. Click on the Create Mail button or select the menu item File -> New -> Mail message.

3. To send a signed message, check the status of the Sign button. It should be pressed and the signed message sign should be visible on the right side of the screen.

4. Once the message is ready to be sent, click on the Send button:

The second method is when the file itself is signed. Microsoft Office allows you to attach digital signatures to a specific document. To do this you need:

1. From the Tools menu, select Options, and then open the Security tab.

2. Click the Digital Signatures button.

3. Click the Add button.

4. Select the certificate you want, and then click OK.

For other data formats, you must use the CryptoArm program.

6. CryptoPro expires.

During installation, you did not enter the product serial number according to the license you purchased.

7. Mail does not see the certificate.

When setting up email, at the stage of signing the document, the email does not find the required certificate. This happens when the email address that is specified when producing the digital signature does not match the current email address.

8. When installing CryptoPro at the last step, the system displays a message about the incorrect installation of the program and rolls back. What should I do?

The problem occurs due to incomplete (or incorrect) removal of the previous version of Crypto Pro from the computer. To remove files remaining from the previous version, you must use the CryptoPro clear.bat trace cleaning program. You can download the program from here: ftp://ftp.cryptopro.ru/pub/CSP_3_6/clearing.zip

9. Where can I find the public digital signature signature key?

In all signatures issued by our company, the public key is located inside a container on a secure medium. In order to remove it from the container you need to:

When the media is included in the system unit Through the CryptoPro program Start à Control Panel à CryptoPro à Service à View the certificates in the container. In the dialog box that appears, select the required container through the overview à Next. In the window for viewing digital signature public key data, select properties à “Composition” tab à Copy to file and specify the path to save the certificate.

10. CryptoPro does not see the container on the flash drive. Prompts you to select another media.

Depending on what type of media you use, the solutions are different. If you use smart cards such as Rutoken, MSKey, Etoken, then most likely you do not have the drivers installed to work correctly with the key.

If your key is on a USB 2.0 flash drive, then you need to look at the version of the CryptoPro kernel. If you are using CryptoPro 3.0, then you have lost your way. In order to configure it you need to:

When the media is included in the system unit Through the CryptoPro program Start à Control Panel à CryptoPro à Equipment Configure readers Add. In the Reader Installation Wizard window that appears, select Floppy Drive on the right side of the screen (since in CryptoPro all USB drives are defined as floppy disks). In the next window, select the correct name of the flash drive, that is, the name under which the flash drive is identified in “My Computer”.

If you are using CryptoPro 3.6 and the container is not visible, then the media is damaged. It should be provided to the office to determine the status of the key.

11. We have received an electronic signature, what to do next? How to register on the trading platform?

The entire procedure for accreditation, submitting an application to participate in the auction and conducting the auction itself is described in the operating regulations of a specific electronic trading platform, which can be found on the website of this platform. There are also various supporting video materials and instructions for working in the system. Or you can contact us to purchase our accreditation assistance service on any electronic platform.

12. To check what operating system is installed on your computer

- Go to My Computer in Explorer.

— Right-click on the display and select “Properties” from the menu that appears.

— The window that appears contains information about your system.

13. To find out which version of Internet Explorer is installed on your computer

— Launch Internet Explorer.

— Select Help from the horizontal menu at the top of the browser.

— The window that appears contains information about the current version of the browser.

— Possible option

14. To install a newer version of Internet Explorer 8

— Specify the following address on the command line:

— In the window presented, click “Download for free.”

— Click “Run” in the window that appears.

- Then click “Run” again.

— When installation is complete, you must restart your computer.

Hi all! Since I work in the government. institution, I could not avoid using the program for working with cryptokeys “CryptoPro”. Now everything seems simple and quite logical to me, but at the beginning of my career I had many questions about using this program.

Read about how to copy the Crypto Pro key container and install the user’s personal certificate

I think many people know about the well-known sites zakupki.gov and bus.gov... the first is used for posting applications for electronic trading, and the second is for posting information about the organization, however, both require the user’s electronic signature, and it can only work if you have Crypto Pro.

When you generate an electronic signature, it is MANDATORY! should be saved to external media, but this may not always be convenient and not always reliable. Unfortunately, many organizations refuse to keep up with the times and still use floppy disks as a digital signature carrier. I don’t think it’s worth explaining that a floppy disk is a very unreliable option for storing information. Therefore, it is better to have a copy of the key, so that if the media fails, you can recover, rather than generate a new one, because if a new one is generated, you will have to wait for the certificate (At least one day).

When else might this be needed? For example, your chapter. boom a bunch of electronic signatures (ours has 4 of them) and constantly sticking one by one is not always convenient, and the confusion is constant, so all these keys can be copied to the registry of your computer, and the real keys can be hidden away in a safe. Of course, you need to understand that having the keys in the registry, you don’t need the key itself to sign a document - you only need access to the computer where they are installed, so be sure! when copying, set the password for the key container

Let's begin. Launching CryptoPros CSP (issued by your local treasury office) and go to the “Service” tab, click the “Copy…” button

In the next window we should click “Browse” and select the location of our key container, in my case it is a USB flash drive that has the letter F in the system (Drive F)

Now that the container has been selected, we proceed to the process of copying it, make sure that you have selected the correct key and click “Next”

Enter his name

And indicate where to copy it, in my case I copied it to the registry so as not to paste it every time...

If you copied the key to the registry like I did, be sure to create a password!

That’s all, a copy of the key container has been created on the media specified by you 😉 now let’s move on to the next step...

Unlike regular certificates, our certificate must be associated with a private key, so simply clicking the “Install Certificate” button will not work; installing a certificate in CryptoPro differs from the usual procedure.

Open the program, go to the “Services” tab and click “Install personal certificate...”

Click “Browse” and select the user certificate

...and indicate where our key is located (in my case I selected the key copied to the registry)

Checking that everything is selected correctly

Select the certificate storage “Personal”

We check whether we have done everything correctly and click “Finish”, this completes the installation of the cryptopro certificate.

Copying the private key container is a mandatory action when reinstalling the SBS on another computer. You can also copy the certificate if you want to create a spare digital signature key.

Copying a private key container to a flash drive, floppy disk or token is a rather complicated process to avoid errors it is important to strictly follow our instructions.

CryptoPro: certificate copying

Step 1. Opening the CryptoPro program

To open the program follow this path:

Click menu Start, then go to Programs⇒ CryptoPro⇒ CryptoPro CSP and enable the tab Service.

In an open window Service click the button Copy container.

Rice. 1.

Step 2: Copy the private key container

After pressing the button Copy container, the system will display the window Copying the private key container.

Rice. 2

In the open window you need to fill in the field Key container name.

Step 3. Entering the key container

There are 3 ways to fill out the field Key container name:

Manual input

Select from the list by clicking the Browse button

Search by digital signature certificate

In addition to filling out the Key container name field, you must fill in the remaining search options:

- the switch is set to position User or Computer, depending on what storage the container is located in;

Select CSP to search for key containers - the required crypto provider (CSP) is selected from the proposed list.

Once all fields are filled in, click the button Further.

If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click the button OK.

Step 4. Entering a new key container

The system will display the window again Copying a private key container, in which you need to enter the name of the new key container and set the switch The name entered specifies the key container to position User or Computer, depending on in which storage you want to place the copied container.

After entering, click the button Ready.

Step 5: Select media for the copied container

A window will appear on your screen in which you need to select the media for the copied container.

Insert the media (token, flash drive, floppy disk) into the reader and press the button OK.

Step 6. Set a password

The system will display a window for setting a password to access the private key.

Enter your password, confirm it, and check the box if necessary Remember your password.

If this box is checked, the password will be saved in a special storage on the local computer, and when accessing the private key, the password will be automatically read from this storage rather than entered by the user.

After entering the required data, click the button OK. The CryptoPro CSP cryptographic information protection tool will copy the private key container.

If you have any questions, you can order a consultation with a specialist.

If none of the solutions suggested below fix the problem, the key media may have been damaged and requires recovery (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, having first installed the certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:

1. Make sure that at the root of the floppy disk there is a folder containing the following files: header, masks, masks2, name, primary, primary2. Files must have an extension. key xxxxxx.000.

the private key container has been corrupted or deleted

2. Drive X(for CryptoPro CSP 3.6 - All removable drives), Where X- drive letter. For this:

Select menu;
Go to tab Equipment and press the button Configure readers.

?).

3. In the window Selecting a Key Container set switch Unique names(see Fig. 1).

Rice. 1. Selecting a key container

Select menu Start / Control Panel / CryptoPro CSP;
Go to tab Service and press the button Remove remembered passwords;
Mark item User and press the button OK(see Fig. 2).

Rice. 2. “Remove remembered passwords” window

5. How to copy a container with a certificate to another medium?).

Flash drive

If a flash drive is used as the key media, you must perform the following steps:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have the extension .key, and the folder name format should be as follows: xxxxxx.000.

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. You also need to check whether this folder contains six files on other media.

2. Make sure that the reader is configured in CryptoPro CSP Drive X(for CryptoPro CSP 3.6 - All removable drives), Where X- drive letter. For this:

Select menu Start / Control Panel / CryptoPro CSP;
Go to tab Equipment and press the button Configure readers.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the window Selecting a Key Container set switch Unique names.

4. Remove remembered passwords. For this:

Rice. 3. “Remove remembered passwords” window

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro CSP version is installed at your workplace 2.0 or 3.0 , and Drive A (B) is present in the list of key media, then it must be removed. For this:

Select menu Start / Control Panel / CryptoPro CSP;
Go to tab Equipment and press the button Configure readers;
Select reader Drive A or Drive B and press the button Delete.

After removing this reader, working with the floppy disk will be impossible.

Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the reader is configured in CryptoPro CSP Rutoken(for CryptoPro CSP 3.6 - All smart card readers). For this:

Select menu Start / Control Panel / CryptoPro CSP;
Go to tab Equipment and press the button Configure readers.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the window Selecting a Key Container set switch Unique names.

4. Remove remembered passwords. For this:

Rice. 4. “Remove remembered passwords” window

5. Update the support modules required for Rutoken to work. For this:

Disconnect the smart card from the computer;
Select menu Start / Control Panel / Install and remove programs mm (for Windows Vista\Seven Start / Control Panel / Programs and Features);
Select from the list that opens Rutoken Support Modules and press the button Delete.

After removing modules, you must restart your computer.

Download and install the latest version of support modules. The distribution is available for download on the Active company website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instructions .

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

Open Start (Settings) / Control Panel / Rutoken Control Panel(if this item is missing, you should update the Rutoken driver).
In the window that opens Rutoken control panels in point Readers should choose Activ Co. ruToken 0 (1,2) and press the button Information(see Fig. 5).

If the root token is not visible in the item Readers or when you press a button Information The message appears The ruToken memory state has not changed, this means that the media has been damaged, you need to contact the service center for an unscheduled key replacement.

Rice. 5. Program window Rutoken Control Panel.

Check what value is specified in a string Free memory (bytes).

As a key carrier in service centers root tokens with a memory capacity of about 30,000 bytes are issued. One container takes up about 4 KB. The amount of free memory of a rootken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the free memory of a root token is more than 29-30,000 bytes, then there are no key containers on it (see Fig. 6). Therefore, the certificate is contained on a different medium.

Rice. 6. “Information about Rutoken” window.

Registry

If the Registry reader is used as a key medium, you must perform the following steps:

1. Make sure that the reader is configured in CryptoPro CSP Registry. For this:

Select menu Start / Control Panel / CryptoPro CSP;
Go to tab Equipment and press the button Configure readers.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

2. In the window Selecting a Key Container set switch Unique names.

3. Remove remembered passwords. For this:

Select menu Start / Control Panel / CryptoPro CSP;
Go to tab Servi with and press the button Remove remembered passwords;
Mark item User and press the button OK(see Fig. 5).

Rice. 5. “Remove remembered passwords” window

Electronic digital signatures (EDS) have long been firmly established in use both in government agencies and in private companies. The technology is implemented through security certificates, both general for the organization and personal. The latter are most often stored on flash drives, which imposes some restrictions. Today we will tell you how to install such certificates from a flash drive to a computer.

Despite their reliability, flash drives can also fail. In addition, it is not always convenient to insert and remove the drive for work, especially for a short period of time. The certificate from the key media can be installed on the production machine to avoid these problems.

The procedure depends on the version of Cryptopro CSP that is used on your machine: Method 1 is suitable for the newest versions, Method 2 is suitable for older versions. The latter, by the way, is more universal.

Method 1: Automatic installation

The latest versions of Cryptopro DSP have a useful function of automatically installing a personal certificate from external media to your hard drive. To enable it, do the following.

The first step is to launch CryptoPro CSP. Open menu "Start", in it go to "Control Panel".

Left-click on the marked item.
The program's working window will open. Open "Service" and select the option to view certificates marked in the screenshot below.

Click the review button.

The program will prompt you to select the location of the container, in our case a flash drive.

Select the one you want and click "Further"..
A preview of the certificate will open. We need its properties - click on the desired button.

In the next window, click on the certificate installation button.

The certificate import utility will open. To continue, press "Further".

You have to select a storage location. In the latest versions of CryptoPro, it is better to leave the default settings.

Finish working with the utility by pressing "Ready".

A message indicating that the import was successful appears. Close it by clicking "OK".

The problem is solved.

This method is the most common today, but in some certificate options it is impossible to use it.

Method 2: Manual installation method

Outdated versions of CryptoPro only support manual installation of a personal certificate. In addition, in some cases, the latest versions of the software can take such a file into use through the import utility built into CryptoPro.

First of all, make sure that the flash drive that is used as a key contains a certificate file in CER format.

Open CryptoPro DSP in the same way as described in Method 1, but this time choosing to install certificates.

Will open "Personal Certificate Installation Wizard". Proceed to select the location of the CER file.

Select your flash drive and the folder with the certificate (as a rule, such documents are located in the directory with the generated encryption keys).

After making sure that the file is recognized, press "Further".

The next step is to review the certificate properties to ensure that you have chosen the correct one. After checking, press "Further".

Next steps are to specify the key container for your CER file. Click on the appropriate button.

In the pop-up window, select the location you need.

Returning to the import utility, click again "Further".

Next, you need to select the storage location for the imported digital signature file. Click "Review".

Since our certificate is personal, we need to mark the corresponding folder.

Attention: if you use this method on the latest CryptoPro, then do not forget to check the box “Install a certificate (certificate chain) into the container”!
Finish with the import utility.

We're about to replace the key with a new one, so feel free to click "Yes" in the next window.

The procedure is over, you can sign the documents.

This method is somewhat more complicated, but in some cases this is the only way to install certificates.

To summarize, let us remind you: install certificates only on trusted computers!