Solutions and recommendations.  causes of problems in setting up the environment when working with the corporate portal of the Social Security Service and methods for eliminating them Installing the “Register” reader

As paper document flow is replaced by electronic one, such a tool as an electronic signature is becoming increasingly important and increasingly widespread. Already, many departments exchange documents exclusively in in electronic format, and each legally significant document is signed with an electronic signature. It is used when working on electronic trading platforms, when interacting with government information systems(such as GIS GMP, GIS Housing and Communal Services and others) and can even be used for authorization on government portals (such as gosuslugi.ru). There is no doubt that the scope of application of electronic signatures will continue to expand in the future, and therefore specialists in the field information technologies it is extremely important to understand the principle of operation electronic signature and be able to take the necessary steps to install and configure software for working with electronic signatures.

Of course, studying this issue would be worth starting with the federal law “On Electronic Signatures” ( http://www.consultant.ru/document/cons_doc_LAW_112701/ ), which provides definitions of concepts, the legal status of an electronic signature, the procedure for its use, etc. helpful information. However, the purpose of this article is to show how quickly, without going into details, to install an electronic signature, which in some cases, in cases where there is no time for proper study, will be very useful.
We will perform the installation on a computer running an operating system. Windows systems 7 Professional, the private key of the electronic signature on the eToken medium, and as a crypto provider we will use CryptoPro CSP.
Let's start by installing the necessary software:
- CryptoPro CSP version 3.6 or higher;
- Media driver (when using eToken or Rutoken).
The driver for eToken can be downloaded for free from the following link http://www.aladdin-rd.ru/support/downloads/etoken/ , the driver for Rutoken is available for download here http://www.rutoken.ru/support/download/drivers-for-windows/ .
Other devices, such as a flash drive, smart card or registry, can also be used as a carrier of key information, but it is not recommended to use them as they do not provide a sufficient level of protection of key information from unauthorized access.

Installing an electronic signature key certificate.

After the eToken driver (Rutoken) and the crypto provider CryptoPro CSP are installed, we can begin installing the electronic signature verification key certificate.
Launch the CryptoPro CSP program, go to the “Service” tab and click the “View certificates in the container” button.

In the window that opens, click “Browse”, select the desired owner and click “OK”.

In the next window, do not change anything, click “Next”.


A window will open in which we can see brief information about the user certificate (information about the owner, the validity period of the certificate and its serial number).


To view detailed information, click “Properties”. If the root certificate of the certification authority has not yet been installed (as in our case), then in the general tab we will see a message as in the figure below. The current root certificate of a certification authority is usually available for download on the website of the certification authority (the organization that issued the electronic signature).

Return to the previous window and click “Install” to continue installing the user certificate. A message appears indicating that the certificate is being installed. Confirm the installation by clicking the “Yes” button.


A message will also appear from eToken PKI, with a proposal to write the certificate to eToken. We refuse, click “Cansel”.


The certificate is installed in the certificate store. Click “Finish” to complete the installation.

Installing the root certificate of the certification authority.

Open the file of the root certificate of the certification authority (with the .cer extension) by double-clicking the mouse and clicking the “Install certificate” button.

The Certificate Import Wizard will open. Click “Next”. Then check the “Place the certificate in the following storage” checkbox.


Through “Browse” we specify the “Trusted Root Certification Authorities” folder.

Click “Ok” and complete the installation. A message appears indicating that the operation was successful.

Now, when we open the properties of the user certificate, we will not see the same error.

All we have to do is test the container private key.

Testing.

Open CryptoPro CSP, and in the “Service” tab, click “Test”.

We find the key container through “Browse” or using the corresponding certificate and click “Next”. You will be prompted to enter a pin code for the container. Enter the password and click “Ok”. If you check the “Remember pin code” checkbox, the system will not request it whenever you access the key container (including when signing a document), which is not recommended in order to protect against unauthorized access.
Next, a window will open with information about the presence or absence of errors.

Installing an electronic signature in the register.

It is possible that the private key of an electronic signature needs to be duplicated in order to be used on several computers. In such cases, the optimal solution would be to install the private key of the electronic signature in the registry. For a container created in the registry, you can set a password and thereby limit access to the private key of the electronic signature, which is stored in the container. Removable media, after installation, can be transferred to another user. I note that such a measure is justified in cases where, for example, several employees of one organization (department) use the same signature (for example, the signature of an authority). In other cases, resorting to such measures is not recommended.

Installation of the “Register” reader.

The first thing you need to do is install the reader. This is quite easy to do using the reader installation wizard (adding and removing readers is done under account with administrator rights). If, when installing CryptoPro CSP, you checked the “Register reader “Registry”” checkbox, as in the figure below, and it is present in the list of readers, you can immediately proceed to copying the private key container to the registry.


Launch CryptoPro CSP, in the “Equipment” tab, click the “Configure readers” button.

In the window that opens, click “Add”.

The reader installation wizard will start, click “Next”.


From the list in the window on the right, select “Registry” and click “Next”.


Then we set the name of the reader, or leave it unchanged as in our example and click “Next”.


We complete the wizard and click “Finish”.

Copying the private key container to the registry.

The reader is prepared, now you need to copy the container with key information from the eToken removable media to the registry. To do this, go to the main menu of CryptoPro CSP and in the “Service” tab, click the “Copy” button. Through “Browse” we indicate the container that we want to copy to the registry.


The system will then ask for a password to access the container on removable media(eToken). Enter the password, and in the next window set the name for the key container that will be created in the registry.


In the next window, the program will prompt you to select the media on which you want to burn the container. Select “Registry” and click “Ok”.


Now we need to set a password for the container that we placed in the registry.

Enter the password, confirm and click “OK”.
Now, having launched the function of testing the private key container, in addition to the container on removable media, we will see the created container on the “Registry” reader.
We complete the container testing procedure. If no errors are found, proceed to installing the electronic signature key certificate (if it has not been done previously). The procedure for installing a certificate from the registry is similar to the installation procedure from removable media, and if the owner’s certificate has already been installed from removable media, then installing it again after copying the container to the registry is not required.

The operating system is not included in the list of operating systems supported by the portal.
The Foundation Portal fully supports the following operating systems:

1. Windows XP Professional SP2
2. Windows 2000 Professional SP4
3. Windows 2003 Server Enterprise Edition SP2
4. Windows 7
5. Windows 2008 Server R2
6. Windows Vista (conditional)

1. Windows 8 Internet Explorer 10
2. Windows 8, Internet Explorer 11
3. Windows 8.1, Internet Explorer 11
4. Windows Server 2012, Internet Explorer 11
5. Windows 10, Internet Explorer 11

Diagnostics.

To view information about the operating system installed on your computer, follow these steps:

i.

ii. Select "Run"

iii. Type in the “Open:” fieldmsinfo 32

iv. In the system information window, read the name operating system in the "OS Name" field

Solution.

1. The browser or browser version is not supported by the portal. The portal supports Internet Explorer browser versions:

Diagnostics.

To view information about the browser version installed on your computer, follow these steps:

i. Select "Help" from the main menu Internet Explorer.

ii. Select "About" from the "Help" menu

iii.

Solution.

1. The program for working with EDS PCDST ACS PU is missing or installed incorrectly.

Diagnostics.

To check whether a program for working with digital signature is installed on your computer, follow these steps:

i. Click the Start button on the main menu.

ii.

iii.

iv. The list of installed programs must contain "Avest CSP for BelSSF v . 5.0.0.595" and "Client software PCDSI ACS PU for payers of the Federal Social Security Service 2.1.8.104"

Solution.

1. The version of the program for working with digital signature "AVEST" is not supported by the portal and is not 2.1.8.104

Diagnostics.

To view information about the digital signature program installed on your computer, follow these steps:

i. Select the “Help” item in the main menu of the digital signature program.

ii. Select “About” from the “Help” menu

iii. In the About window, read the version number.

Solution.

To solve this problem, it is recommended to install a program for working with the EDS PCDST of the ACS PU. The distribution can be downloaded from this link. You must first complete the following steps:

i. Click the Start button on the main menu.

ii. Select "Control Panel"

iii. Select Add/Remove Programs from Control Panel

iv. In the list of installed programs, find “Client software PCDSI ASU PU for FSZN payers.” The version must be different from 2.1.8.104. Perform uninstallation.

v. In the list of installed programs, find "Avest CSP for BelSSF" The version must be different from 5.0.0.595. Perform uninstallation.

vi. When finished, reboot.

1. The Avest ActiveX object is missing or installed incorrectly.

Solution.

To solve this problem, you need to make sure you have installed program to work with the EDS PCDST of the ACS PU (see paragraphs 3, 4 of this manual) and perform the following steps:

i. Click the Start button on the main menu.

ii. Select "Run"

iii. Type in the “Open” field :» explorer C:\Program Files\Avest\AvFundClient\Bin

iv. Make sure that there is a file named AvFundCryptX.dll in this path.

v. Complete the stepsi,ii.

vi. Type in the “Open:” fieldregsvr 32" C:\ Program Files\ Avest\ AvFundClient\Bin\AvFundCryptX.dll".Please note: the path must be in double quotes!

vii. Upon completion, the system should report successful registration

1. Personal certificate, issued by a certification center of one of the departments of the Social Protection Fund, is missing or invalid. Certificate assignments are incomplete.

Diagnostics.

To check for a certificate, follow these steps:

i. Select "Tools" from the Internet Explorer main menu

ii. Select Internet Options from the Tools menu

iii. In the Internet Options window, select the Contents tab

iv. Click the "Certificates" button on the "Content" tab

v. On the “Certificates” form, on the “Personal” tab, there must be at least one certificate.

vi. Call the form for viewing certificate information by double-clicking the left mouse button or click the “View” button

vii. The certificate must meet a number of requirements:

a. be issued by one of the certification centers of the Social Protection Fund

b. be valid

c. intended to confirm to a remote computer the identification of your computer and use it for the purpose of organizing personalized accounting

Solution.

1. Failed to access file system Your computer, because Your profile has been moved.

Solution.

To solve this problem, use a direct link to enter the site: https://portal.ssf.gov.by/portal/page/portal/startpage

1. Error – “There are no suitable certificates.”

2. After launching CryptoBUTB (from a USB drive), “An error occurred while initializing the application...”