Often people come to us with a question, how to install a certificate through CryptoPo CSP... Situations are different: the director or chief accountant has changed, received new certificate at a certification center, etc. It used to work, but now it doesn't. Here's what you need to do to install a personal digital certificate on your computer.
You can install a personal certificate in two ways:
1. Via the menu CryptoPro CSP"View certificates in container"
2. Through the CryptoPro CSP menu "Install personal certificate"
If the workplace uses operating system Windows 7 without SP1, then the certificate should be installed according to the recommendations of option number 2.
Option number 1. Install through the menu "View certificates in the container"
To install a certificate:
1. Select Start -> Control Panel -> CryptoPro CSP -> Service tab and click the "View certificates in container" button.
2. In the window that opens, click the "Browse" button. Select a container and confirm your choice with the OK button.
If the message “There is no private key in the container public key encryption ”, go to the installation digital certificate according to option number 2.
4. If “CryptoPro CSP” version 3.6 R2 (product version 3.6.6497) or higher is installed on your computer, then in the window that opens, click on the “Install” button. Then agree to the proposal to replace the certificate.
If the “Install” button is not present, in the “Certificate for viewing” window, click the “Properties” button.
5. In the “Certificate” window -> “General” tab, click on the “Install certificate” button.
6. In the Certificate Import Wizard window, select Next.
7. If you have installed “CryptoPro CSP” version 3.6, then in the next window it is enough to leave the switch on the item “Automatically select storage based on the type of certificate” and click “Next”. The certificate will be automatically installed in the Personal store.
Option 2. Install through the "Install personal certificate" menu
To install, you will need, in fact, the certificate file itself (with the .cer extension). It can be located, for example, on a floppy disk, on a token, or on a computer's hard drive.
To install a certificate:
1. Select Start -> Control Panel -> CryptoPro CSP -> Service tab and click the “Install Personal Certificate” button.
2. In the “Personal Certificate Installation Wizard” window, click the “Next” button. In the next window, to select the certificate file, click “Browse”.
3. Specify the path to the certificate and click on the "Open" button, then "Next".
4. In the next window, you can view information about the certificate. Click Next.
5. In the next step, enter or specify the private key container that corresponds to the selected certificate. To do this, use the “Browse” button.
If you have installed CryptoPro CSP version 3.6 R2 (product version 3.6.6497) or higher, check the “Install certificate to container” checkbox.
8. Select the "Personal" vault and click OK.
9. The repository you have selected. Now click Next, then Finish. After that, a message may appear:
In this case, click “Yes”.
10. Wait for the message that the personal certificate was successfully installed on the computer.
That's it, you can sign documents using the new certificate.
If none of the solutions suggested below fix the problem, the key medium may have been damaged and needs to be repaired (see). There is no way to recover data from a damaged smart card or registry.
If there is a copy of the key container on another medium, then you must use it for work, having previously installed the certificate.
Diskette
If a floppy disk is used as a key container, you must perform the following steps:
1. Make sure that at the root of the floppy there is a folder containing the files: header, masks, masks2, name, primary, primary2. The files must have a .key extension and the folder name must have the following format: xxxxxx.000.
the private key container has been damaged or deleted
2. Make sure that the "Drive X" reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - "All removable drives"), where X is the drive letter.
- Select "Start" menu> "Control Panel"> "CryptoPro CSP";
?).
3. In the CryptoPro CSP window "Select a key container" set the radio button "Unique names".
4.
- Select "Start" menu> "Control Panel"> "CryptoPro CSP";
- Go to the "Service" tab and click on the "Delete remembered passwords" button;
5. How can I copy a container with a certificate to another medium?).
Flash drive
If a flash drive is used as a key carrier, you must perform the following steps:
1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . The files must have a .key extension and the folder name format must be: xxxxxx.000 .
If any files are missing or are not in the correct format, then the private key container may have been damaged or deleted. You also need to check if this folder with six files is contained in other media.
2. Make sure that the "Drive X" reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - "All removable drives"), where X is the drive letter.
- Select "Start" menu> "Control Panel"> "CryptoPro CSP";
- Go to the "Equipment" tab and click on the "Configure readers" button.
If there is no reader, it must be added (see How to configure readers in CryptoPro CSP?).
3.
4. Delete memorized passwords. For this:
- Select "Start" menu> "Control Panel"> "CryptoPro CSP";
- Mark the item "User" and click on the "OK" button.
5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).
6. If CryptoPro is installed at the workplace CSP versions 2.0 or 3.0, and there is Drive A (B) in the list of key media, then it must be removed. For this:
- Select "Start" menu> "Control Panel"> "CryptoPro CSP";
- Go to the "Equipment" tab and click on the "Configure readers;"
- Select the reader "Drive A" or "Drive B" and click on the "Delete" button.
After deleting this reader, it will be impossible to work with the floppy disk.
Rutoken
If a Rutoken smart card is used as a key carrier, the following steps must be followed:
1. Make sure the light on the rutoken is on. If the light is off, then you should use the following recommendations.
2. Make sure that the "Rutoken" reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - "All smart card readers").
- Select "Start" menu> "Control Panel"> "CryptoPro CSP";
- Go to the "Equipment" tab and click on the "Configure readers" button.
If there is no reader, it must be added (see How to configure readers in CryptoPro CSP?).
3. In the window "Select a key container" set the radio button "Unique names".
4. Delete memorized passwords. For this:
- Select "Start" menu> "Control Panel"> "CryptoPro CSP" ;
- Go to the "Service" tab and click on the "Delete remembered passwords" button;
- Mark the item "User" and click on the "OK" button.
5. Update support modules required for Rutoken to work. For this:
- Disconnect the smart card from the computer;
- Select "Start"> "Control Panel"> "Add or Remove Programs" (for Windows Vista \ Seven "Start"> "Control Panel"> "Programs and Features");
- Select "Rutoken Support Modules" from the list that opens and click on the "Remove" button.
After removing the modules, you need to restart the computer. .
- Download and install latest version support modules. The distribution kit is available for download on the site of the Aktiv company.
After installing the modules, you need to restart your computer.
6. You should increase the number of containers displayed in CryptoPro CSP on Rutoken using the following instruction .
7. Update the Rutoken driver (see How do I update the Rutoken driver?).
8. Make sure Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:
- Open "Start" ("Settings")> "Control Panel"> "Rutoken Control Panel" (if this item is missing, then you should update the Rutoken driver).
- In the opened window "Rutoken Control Panel" in the "Readers" item, select "Activ Co. ruToken 0 (1,2) "and click on the" Information "button.
If the rutoken is not visible in the "Readers" item or when you press the "Information" button, the message "The ruToken memory state has not changed" appears, then the medium has been damaged, you need to contact the service center for an unplanned replacement of the key.
- Check what value is indicated in the "Free memory (byte)" line.
As a key carrier in service centers rootkens with a memory size of about 30,000 bytes are issued. One container takes up about 4 Kb. The free memory of a rootken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.
If the amount of free memory of a rootken is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.
Registry
If the Registry reader is used as a key carrier, you must perform the following steps:
1. Make sure that the "Registry" reader is configured in CryptoPro CSP. For this:
- Select "Start" menu> "Control Panel"> "CryptoPro CSP";
- Go to the "Equipment" tab and click on the "Configure readers" button.
If there is no reader, it must be added (see How to configure readers in CryptoPro CSP?).
2. In the window "Select a key container" set the radio button "Unique names".
3. Delete memorized passwords. For this:
- Select "Start" menu> "Control Panel"> "CryptoPro CSP";
- Go to tab « Service "and click on the button" Delete remembered passwords ";
- Mark the item "User" and click on the "OK" button.
Good day!
I think that almost every user (especially in recent times) encountered an error in the browser stating that the certificate of such and such a site is not trusted, and a recommendation not to visit it.
On the one hand, this is good (after all, the browser and, in general, the popularization of such certificates ensures our security), but on the other hand, a similar error sometimes pops up even on very well-known sites (on the same Google).
The essence of what is happening, and what does it mean?
The fact is that when you connect to the site on which the SSL protocol, then the server sends the digital document to the browser ( certificate) that the site is genuine (and not a fake or a clone of something there ...). By the way, if everything is fine with such a site, browsers mark them with a "green" lock: the screenshot below shows how it looks in Chrome.
However, certificates can be issued, as well-known organizations (Symantec, Rapidssl, Comodo, etc.) , and in general anyone. Of course, if the browser and your system "do not know" who issued the certificate (or there is a suspicion of its correctness), then a similar error appears.
Those. I lead to the fact that both completely white sites and those that are really dangerous to visit can fall under the distribution. Therefore, the appearance of such an error is a reason to take a close look at the site address.
Well, in this article I want to point out several ways to eliminate such an error, if it began to appear even on white and well-known sites (for example, on Google, Yandex, VK and many others. You won't refuse to visit them?).
How to fix the error
1) Pay attention to the website address
The first thing to do is just pay attention to the site address (you may have typed the wrong URL by mistake). Also, sometimes this happens due to the fault of the server on which the site is located (perhaps, in general, the certificate itself is simply outdated, because it is issued to certain time). Try visiting other sites, if everything is OK with them - then most likely the problem is not with your system, but with that particular site.
Example of error "The site's security certificate is not trusted"
However, I note that if the error appears on a very well-known site that you (and many other users) fully trust, then there is a high probability of a problem in your system ...
2) Check the date and time set in Windows
The second point - a similar error can pop up if your system has an incorrect time or date. To correct and clarify them, just click on the "time" in the panel Windows tasks(in the lower right corner of the screen). See screenshot below.
After setting the correct time, restart your computer and try to reopen the browser and the sites in it. The error should be gone.
I also draw your attention to the fact that if your time is constantly getting lost, you probably have run out of battery on motherboard... It looks like a small "tablet", thanks to which the computer remembers the settings you entered, even if you disconnect it from the network (for example, are the same date and time somehow calculated?).
3) Try updating your root certificates
Another option for how you can try to solve this problem is to install an update for root certificates. Updates can be downloaded from the Microsoft website for different operating systems. For client operating systems (i.e. for ordinary home users), these updates are suitable:
4) Installing "trusted" certificates into the system
Although this method is working, I would like to warn you that it "can" become a source of problems in the security of your system. At least, I advise you to resort to this only for such large sites as Google, Yandex, etc.
To get rid of the error associated with the inaccuracy of the certificate, a special should come up. plastic bag GeoTrust Primary Certification Authority .
By the way, to download GeoTrust Primary Certification Authority:
Now you need to install the downloaded certificate into the system. How to do this, I'll tell you the steps below:
5) Pay attention to anti-virus utilities
In some cases, this error may occur due to the fact that some program (for example, antivirus) checks https traffic. This sees the browser that the received certificate does not match the address from which it was received, and as a result, a warning / error appears ...
Therefore, if you have an antivirus / firewall installed, check and temporarily disable the https traffic scanning setting (see an example of AVAST settings on the screenshot below).
That's all for me ...
For additions on the topic - a separate merci!
All the best!
