We are often asked the question how to install a certificate through CryptoPro CSP. There are different situations: a director or chief accountant has changed, a new certificate has been received from a certification center, etc. Everything used to work, but now it doesn't. We tell you what you need to do to install a personal digital certificate on a computer.
You can install a personal certificate in two ways:
1. Through the CryptoPro CSP menu "View certificates in the container"
2. Through the CryptoPro CSP menu "Install personal certificate"
If the workplace uses the Windows 7 operating system without SP1, then you should install the certificate according to the recommendations of option No. 2.
Option number 1. Install through the menu "View certificates in the container"
To install a certificate:
1. Select Start -> Control Panel -> CryptoPro CSP -> Tools tab and click the “View Certificates in Container” button.
2. In the window that opens, click the "Browse" button. Select a container and confirm your choice with the OK button.
If the message “There is no encryption public key in the private key container” appears, proceed to install the digital certificate according to option #2.
4. If you have “CryptoPro CSP” version 3.6 R2 (product version 3.6.6497) or higher installed on your computer, click the “Install” button in the window that opens. After that, agree to the suggestion to replace the certificate.
If there is no "Install" button, in the "View Certificate" window, click the "Properties" button.
5. In the “Certificate” window -> “General” tab, click on the “Install certificate” button.
6. In the "Certificate Import Wizard" window, select "Next".
7. If you have “CryptoPro CSP” version 3.6 installed, then in the next window, just leave the switch on the item “Automatically select a storage based on the type of certificate” and click “Next”. The certificate will be automatically installed in the "Personal" store.
Option 2. Install through the menu "Install personal certificate"
To install, you will need, in fact, the certificate file itself (with the .cer extension). It can be located, for example, on a floppy disk, on a token, or on a computer hard drive.
To install a certificate:
1. Select Start -> Control Panel -> CryptoPro CSP -> Service tab and click the “Install personal certificate” button.
2. In the “Personal Certificate Installation Wizard” window, click the “Next” button. In the next window, to select a certificate file, click "Browse".
3. Specify the path to the certificate and click the "Open" button, then "Next".
4. In the next window, you can view information about the certificate. Click "Next".
5. In the next step, enter or specify the private key container that corresponds to the selected certificate. To do this, use the "Browse" button.
If you have CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher installed, check the “Install certificate in container” box.
8. Select the "Personal" storage and press OK.
9. The storage you have chosen. Now click "Next", then - "Finish". After that, a message may appear:
In this case, click "Yes".
10. Wait for a message about the successful installation of a personal certificate on the computer.
That's it, you can sign documents using the new certificate.
List of documents for a legal entity:
1. Extract from the Unified State Register of Legal Entities (USRLE) not older than 30 days.
2. Passport
3. Company details
4. SNILS (Insurance Certificate of State Pension Insurance)
5. TIN certificate
List of documents for an individual entrepreneur (IP):
1. Extract from the Unified State Register of Individual Entrepreneurs (EGRIP)
2. Passport
3. SNILS (Insurance Certificate of State Pension Insurance)
4. TIN certificate
List of documents for an individual:
1. Passport
2. TIN certificate
2. SNILS (Insurance Certificate of State Pension Insurance)
2. A window pops up: "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine."
If you get a window "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine" pops up while working on the roseltorg.ru website, you need to:
1. Click on the yellow bar under the site address with the text "This website is trying to install the following add-on: "CAPICOM User Download v2.1.0.2" from "Microsoft Corporation". If you trust this website and add-on and want to install it , click here...";
2. Select "Install ActiveX Control";
3. Click on the "Install" button; this procedure must be performed until the window with this message stops popping up (this is individual for each computer). This is a one time setting.
3. How to install a personal certificate?
Installing a personal certificate (your organization's certificate) can be done in the following way:
Through the menu "View certificates in the container"
1. Select Start / Control Panel / CryptoPro CSP, go to the Service tab and click on the button View certificates in a container(see fig. 1).
Rice. 1. “CryptoPro CSP Properties” window
2. In the window that opens, click the Browse button to select a container to view. After selecting the container, click on the OK button (see Fig. 2).
Rice. 2. Window for selecting a container for viewing
3. In the next window, click on the Next button.
Rice. 3. Window "Selected private key container"
4. If the version of CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then in the window that opens, click the Install button, and then respond in the affirmative to the certificate replacement notification (if it appears).
Rice. 4. Certificate view window
5. In the window that appears about the successful installation of the certificate, click OK
Rice. 5. The window "Message about the successful installation of the certificate"
6. then press the button ready
Rice. 6. View window for the selected certificate
5. Close the CryptoPro CSP window by pressing the OK button
Detailed information on installing the certificate is available at the following link.
4. How to set up email.
Outlook Express security settings are configured as follows:
1. Select the menu item Tools -> Accounts and open the Mail tab.
2. In the displayed list of accounts, select the one you want to configure and click the Properties button.
3. In the displayed dialog, select the Security tab, which allows the user to specify their personal certificates that will be used when selecting the user's private keys to generate an electronic digital signature and decrypt incoming messages. The certificate selection dialog only displays certificates that have a matching email address and are allowed for email security
5. In the displayed dialog, select the Security tab:
6. In the displayed dialog, set the following modes:
a. Enable user when sending encrypted mail / Always encrypt messages when sending encrypted mail . Setting the enable mode allows the sender to decrypt messages sent to them.
b. Include my digital ID when sending singed messages. Setting this mode will automatically add the sender's certificate to all messages. This mode allows you to exchange certificates using a signed message, and then use the received certificates for subsequent encryption of messages between recipients.
c. Send messages with an opaque signature/ Encode message before signing. When message mode is enabled, all attachments will be merged into a single attachment with a digital signature included. If the mode is disabled, the signature is generated as one separate attachment for all attachments.
d. Add senders certificates to my address book automatically. When this mode is enabled, certificates transmitted as part of a signed message will be automatically added to the address book.
e. Check for revoked Digital Ds:
i. only when online / Only when online. Setting a verification token causes each operation to generate or verify an electronic digital signature to be accompanied by a certificate revocation check. To check for revocation, a Certificate Revocation List (CRL) is used, the location of which is recorded as an appendix in each user's certificate. By default, this option is not enabled, and Outlook Express does not track if user keys have been compromised.
ii. Never / Never.
Revocation check is not performed.
5. How to sign a document.
There are 2 types of sending a signed document.
The first way is to sign the document itself and the second way is to sign the entire letter.
To create and send a signed message:
1. Click the Create Mail button or select the menu item File -> New -> Mail message.
3. To send a signed message, check the status of the Sign button. It should be pressed and the sign of the signed message should be visible on the right side of the screen.
4. After the message is prepared for sending, click the Send button:
The second way is when the file itself is signed. The Microsoft Office package allows you to attach digital signatures to a specific document. For this you need:
1. On the Tools menu, select Options, and then click the Security tab.
2. Click the Digital Signatures button.
3. Click the Add button.
4. Select the desired certificate, and then click the OK button.
For other data formats, you must use the CryptoArm program.
6. CryptoPro expires.
During installation, the serial number of the product according to the license you purchased was not entered.
7. Mail does not see the certificate.
When setting up e-mail, at the stage of signing a document, the mail does not find the required certificate. This happens when the e-mail address, which is indicated during the production of the EDS, does not match the valid e-mail box.
8. When installing CryptoPro, at the last step, the system displays a message about the incorrect installation of the program and rolls back. How to be?
The problem occurs due to incomplete (or incorrect) removal of the previous version of Crypto Pro from the computer. To remove the files remaining from the previous version, you must use the CryptoPro trace cleanup program clear.bat. You can download the program from here: ftp://ftp.cryptopro.ru/pub/CSP_3_6/clearing.zip
9. Where can I find the EDS signing public key?
All signatures issued by our company have the public key inside a container on a secure medium. In order to extract it from the container, you must:
With the media included in the system unit Via the CryptoPro Start à Control Panel à CryptoPro àService à View certificates in the container. In the dialog box that appears, select the desired container via the browse à Next. In the EDS public key data view window, select properties à Composition tab à Copy to file and specify the path to save the certificate.
10. CryptoPro does not see the container on the flash drive. Prompts you to select another medium.
Depending on what type of media you are using, the solutions are different. If you use smart cards such as Rutoken, MsKey, Etoken, then most likely you do not have drivers installed to work correctly with the key.
If your key is on a USB 2.0 flash drive, then you need to look at the version of the CryptoPro core. If you are using CryptoPro 3.0, then you have gone astray. In order to set it up you need to:
When the media is included in the system unit Via CryptoPro Start à Control Panel à CryptoPro àHardware Configure readers Add. In the reader installation wizard window that appears, select Drive on the right side of the screen (since in CryptoPro all USB media are defined as floppy disks). In the next window, select the correct name for the flash drive, that is, the name under which the flash drive was defined in "My Computer".
If you are using CryptoPro 3.6 and the container is not visible, then the medium is damaged. It should be submitted to the office to determine the status of the key.
11. We received an EDS, what to do next? How to register on the trading platform?
The entire procedure for accreditation, filing an application for participation in the auction and holding the auction itself is described in the regulations of a particular electronic trading platform, which can be found on the website of this platform. There are also various auxiliary video materials, instructions for working in the system. Or you can contact us to purchase our service of assistance in accreditation on any electronic platform.
12. To check which operating system is installed on your computer
- Go to the explorer in My Computer.
- Right-click on the display and select "Properties" from the menu that appears.
— The window that appears contains information about your system.
13. To find out which version of Internet Explorer is installed on your computer
- Launch Internet Explorer.
- Select "Help" from the horizontal menu at the top of the browser.
— The window that appears contains information about the current version of the browser.
- Possible option
14. To install a newer version of Internet Explorer 8
- Specify the following address on the command line:
- In the window presented, click "Download for free".
- Click "Run" in the window that appears.
- Then click "Run" again.
- When installation is complete, you must restart your computer.
Copying the private key container is a mandatory action when reinstalling SBiS on another computer. You can also copy the certificate if you want to create a spare digital signature key.
Copying the container of the private key to a flash drive, floppy disk or token is a rather complicated process, in order to avoid errors it is important to strictly follow our instructions.
CryptoPro: certificate copy
Step 1. Opening the CryptoPro program
Follow the steps below to open the program:
Click menu Start, then go to Programs⇒ CryptoPro⇒ CryptoPro CSP and enable tab Service.
In an open window Service press the button Copy container.
Rice. 1.
Step 2: Copy the private key container
After pressing the button copy container, the system will display the window Copying the private key container.
Rice. 2
In the open window, you must fill in the field Key container name.
Step 3. Entering the Key Container
There are 3 ways to complete the field Key container name:
Manual input
Select from the list by pressing the Browse button
Search by EDS certificate
In addition to filling in the Key container name field, you must fill in the remaining search options:
- - the switch is set to position User or Computer, depending on the storage in which the container is located;
- Select CSP to find key containers - the required cryptographic provider (CSP) is selected from the proposed list.
After all fields are filled in, click the button Further.
If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click the button OK.
Step 4. Entering a new key container
The system will re-display the window Copying the private key container, in which you must enter the name of the new key container and set the radio button The entered name specifies the key container into position User or Computer, depending on which storage you want to place the copied container.
After entering, press the button Ready.
Step 5. Selecting media for the copied container
A window will appear on your screen in which you need to select the media for the copied container.
Insert the media (token, flash drive, floppy disk) into the reader and press the button OK.
Step 6. Setting a password
The system will display a window for setting a password to access the private key.
Enter a password, confirm it, check the box if necessary Remember password.
If this checkbox is checked, then the password will be stored in a special storage on the local computer, and when accessing the private key, the password will be automatically read from this storage, and not entered by the user.
After entering the required data, click the button OK. CryptoPro CSP will copy the private key container.
If you have any questions, you can order a consultation with a specialist.
Installing the certificate and private key
We will describe the installation of an electronic signature certificate and a private key for Windows operating systems. During the setup process, we will need Administrator rights (so we may need a sysadmin if you have one).
If you have not yet figured out what an Electronic Signature is, then please read Or if you have not yet received an electronic signature, contact the Certification Authority, we recommend SKB-Kontur.
Well, suppose you already have an electronic signature (token or flash drive), but OpenSRO reports that your certificate is not installed, this situation may arise if you decide to set up your second or third computer (of course, the signature does not "grow" only to one computer and it can be used on multiple computers). Usually, the initial setup is carried out with the help of the technical support of the Certification Authority, but let's say this is not our case, so let's go.
1. Make sure CryptoPro CSP 4 is installed on your computer
To do this, go to the menu Start CRYPTO-PRO CryptoPro CSP run it and make sure that the version of the program is at least 4th.
If it is not there, then download, install and restart your browser.
2. If you have a token (Rutoken for example)
Before the system can work with it, you will need to install the correct driver.
- Drivers Rutoken: https://www.rutoken.ru/support/download/drivers-for-windows/
- Drivers eToken: https://www.aladdin-rd.ru/support/downloads/etoken
- Drivers JCarta: https://www.aladdin-rd.ru/support/downloads/jacarta
The algorithm is as follows: (1) Download; (2) Install.
3. If the private key is in the form of files
The private key can be in the form of 6 files: header.key , masks.key , masks2.key , name.key , primary.key , primary2.key
There is subtlety here. if these files are written to the hard drive of your computer, then CryptoPro CSP will not be able to read them, so all actions must be performed after writing them to a USB flash drive (removable media), and you need to place them in the first level folder, for example: E:\Andrey\( files) if located in E:\Andrey\ keys\(files) will not work.
(If you are not afraid of the command line, then removable media can be simulated like this: subst x: C:\tmp a new disk (X:) will appear, it will contain the contents of the C:\tmp folder, it will disappear after a reboot. This method can be used if you plan to install keys in the registry)
Found the files, recorded on a USB flash drive, go to the next step.
4. Installing a certificate from a private key
Now we need to get a certificate, you can do this as follows:
- We open CryptoPro CSP
- Go to the tab Service
- We press the button View certificates in a container, press Review and here (if everything was done correctly in the previous steps) we will have our container. We press the button Further, information about the certificate will appear and then click the button Install(the program may ask whether to put a link to the private key, answer "Yes")
- After that, the certificate will be installed in the storage and it will be possible to sign documents (at the same time, at the time of signing the document, it will be necessary that the flash drive or token be inserted into the computer)
5. Using an electronic signature without a token or flash drive (installation in the registry)
If the speed and convenience of work for you is a little higher than security, then you can install your private key in the Windows registry. To do this, you need to do a few simple steps:
- Prepare the private key described in paragraphs (2) or (3)
- Next, open CryptoPro CSP
- Go to the tab Service
- We press the button Copy
- With button Review choose our key
- We press the button Further, then we will come up with some name, for example "Pupkin, Romashka LLC" and press the button Ready
- A window will appear in which you will be prompted to select the media, select Registry, click OK
- The system will ask Set password for the container, come up with a password, click OK
Important note: the OpenSRO portal will not "see" the certificate if it has expired.
Installation via the View Certificates in Container menu
1. Select "Start" > "Control Panel" > "CryptoPro CSP", go to the "Tools" tab and click on the "View Certificates in Container" button.
2. In the window that opens, click the Browse button to select a container to view. After selecting the container, click on the "OK" button.
3. In the window that opens, click the "Next" button.
4. In the next window, click the button« Install”, and then affirmatively answer the certificate replacement notification (if it appears). The certificate is installed.
5. If the "Install" button is missing, then in the "Certificate for viewing" window, click on the "Properties" button.
6. In the window that opens, select Install Certificate.
7. In the Certificate Import Wizard window, select Next . In the next window, leave the radio button on Automatically select a store based on certificate type and click Next. The certificate will be installed in the Personal store.
8. In the next window, select "Next", then click on the button "Finish" and wait for the message about successful installation.
Installation via the menu "Install personal certificate"
For installation, you will need a certificate file (a file with the .cer extension). The certificate file can be exported from the Personal store. If the repository does not contain the required certificate, then contact technical support at h [email protected], indicating the TIN and KPP of the organization and the essence of the problem.
1. Select Start > Control Panel > CryptoPro CSP. In the CryptoPro CSP Properties window, go to the "Service" tab and click on the "Install personal certificate" button.
2. In the "Certificate Import Wizard" window, click on the "Next" button. In the next window, click on the Browse button and select the certificate file.
4. In the next window, click on the "Next" button.
5. Click the Browse button .
6. Specify the private key container corresponding to the certificate and click the OK button.
7. After selecting the container, click on the "Next" button .
8. In the Select Certificate Store window, click the Browse button.
If CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then check the box "Install certificate in container".
9. Select the Private storage and click OK.
10. After selecting the storage, click on the Next button, then Finish. After clicking on the Done button, you may be asked to replace the existing certificate with a new one. In the prompt window, select Yes.
Wait for a message about successful installation. The certificate is installed.
