There is no certificate in the container, what should I do? How to export a public key

Many procurement participants, regardless of experience, are faced with the problem of correct operation on the electronic trading platform. These errors can be discovered at any time, including during electronic trading.

The consequences can be very different, namely:

• Application for participation in the competition not submitted on time
• Lost e-auction
• State contract not signed on time

The three most common problems when working with electronic signatures

1. The procurement participant certificate is not displayed on the electronic platform
2. Electronic signature does not sign documents

In fact, there may be many more errors, but we will analyze the main ones and their causes, and also outline possible ways to eliminate problems.

The most important thing to remember is that for correct operation electronic signature you must use the Internet Explorer browser no lower than version 8 and, preferably, no higher than 11 (with version 11 there is no guarantee of stable operation of the signature).

The signing key certificate is not visible on the site when trying to log in to the system

IN in this case The error is caused by several reasons, namely:

• Incorrect configuration of the signing key certificate
• Internet browser is not configured correctly
• The root certificate of the Certification Authority is missing

How to solve a problem?

First of all, you need to make sure that you have correctly installed the public part of the certificate into personal ones via CIPF (Crypto Pro). In this case, the version of the installed program is suitable for the type of operating system you have.

Then, in the Internet Explorer browser settings, you need to add site addresses to trusted sites and enable all ActiveX elements.

Electronic signature gives an error when signing documents

Typically, this error occurs in a number of cases:

• The CryptoPro program license has expired
• Media with a different certificate is inserted

How to fix it?

To do this, you need to obtain a new license by contacting the Certification Center. After the license has been successfully received, you need to launch CryptoPro and enter the license serial number.

In the second case, you need to check all closed containers (media) inserted into the USB connector of the computer and check that the correct certificate is selected.

The system gives an error when logging into the electronic platform

This error may be caused by a combination of the reasons listed above. As practice shows, such an error primarily appears due to an incorrectly installed Capicom library. We recommend checking whether the library is installed on your computer and paying attention to the need to copy 2 system files with the .dll extension to one of the Windows folders when using a 64-bit system.

In order for you to avoid such mistakes, before installing an electronic signature, read about installing and setting up an electronic signature or order information about issuing and setting up an electronic signature from our company.

Installation via the “View certificates in container” menu In order to install a certificate, you must complete the following steps: Select "Start" / "Control Panel" / " CryptoPro CSP» , go to tab "Service" and click on the button "View certificates in container"(see Fig. 1). Rice. 1. “CryptoPro CSP Properties” window In the window that opens, click on the button"Review" to select a container to view. After selecting the container, click on the button"OK"
(see Fig. 2). Rice. 2. Window for selecting a container to view. In the next window, click on the button"Further" Rice. 2. Window for selecting a container to view. In the next window, click on the button. If after pressing the button The message appears "There is no private key in the container public key encryption" , you need to proceed to installing the certificate. If the version is installed"CryptoPro CSP 3.6 R2" (product version 3.6.6497) or higher, then in the window that opens, click on the button"Install" , and then respond affirmatively to the certificate replacement notification (if it appears). IN otherwise in the window"Certificate for viewing" you need to press a button"Properties"
(see Fig. 3). Rice. 3. Certificate viewing window In the window that opens, select"Install certificate" (see Fig. 4). Rice. 4. Certificate viewing window In the window"Certificate Import Wizard" Rice. 2. Window for selecting a container to view. In the next window, click on the button should choose . Select"Place all certificates in the following store" Rice. 1. “CryptoPro CSP Properties” window In the window that opens, click on the button

,(see Fig. 5) click on the button

INSTRUCTIONS FOR GOVERNMENT CUSTOMERS

TO ELIMINATE ERRORS WHEN SETTING UP EDS

To make it easier to work with the instructions, a list of active links has been compiled:

1. Not_installed_Capicom_object……………………………………………………………......1

2. Message_Security_Alert………………………………………………………..2

3. There are no_buttons_not_working………………………………………………………………...2

4. Key_doesn't_exist………………………………………………………………..3

5. Installing_root_certificate……………………………………………………………...3

7. Uploading_public_key_certificate………………………………………………………...6

8. Uploading the public key certificate from ruToken……………...……………...11

9. Errors_requiring reinstallation of a personal certificate……………………..16

10. Installing_personal_certificate_from_floppy……………………………………18

11. Installing_personal_certificate_with_flash…………………………………………...29

12. Installing_personal_certificate_with_ruToken…………………………………………………….40

I. If a message appears about an uninstalled Capicom object, then you need to configure the browser according to the instructions from the “Home” - “Questions and Answers” ​​section in Question No. 1, disable pop-up blocking if Internet Explorer 8, check the compatibility view settings, install Capicom to the folder C:\WINDOWS\system32. to_contents

II. If the “Security Alert” message was displayed with the option to select Yes and No (thus, the system asks permission to connect to the key carrier), then you must click “Yes”.

If the “No” button was pressed, the message will look like this:

If the checkbox was checked and the “No” button was pressed, then you need to: remove the media, restart the computer, reinsert the media, reinstall the personal certificate through the CryptoPro program. On the newly released message, you must click “Yes” to the table of contents

III. If there are no buttons, or nothing happens after they are pressed, or it is not possible to select a certificate from the list, you need to configure the browser according to the instructions in the “Home” - “Questions and Answers” ​​section in Question No. 1, disable pop-up blocking if Internet Explorer 8, Check the compatibility view mode settings. to_contents

IV. If the message appears: “The key does not exist,” you need to reinstall the CryptoPro program, having first cleared the registry. to_contents

V. If you get the error “Unable to connect to the public key certificate,” you need to reinstall the root certificate. to_contents

Installing a root certificate.

( to_contents )

The root certificate is in the form of a public key (usually the file is called: root-2012. cer).

· Open the root certificate. Click Install Certificate.

· In the installation wizard, select "Place all certificates in the following store" and click "Browse". The certificate is placed in " Trusted centers certification", "Ok".

· Click “Finish” and in the “Import completed successfully” window, click “Ok”. Installation is complete.

VI. If in the “Home” - “Digital Signature Check” section the system displays the message: “The browser is configured correctly”, and in personal account organization's digital signature certificate does not work, then you need to: download the public key certificate. Open this certificate and in the “Composition” tab, check the “Subject” line. The full name in this line must exactly match the full name indicated in the name of your personal account.

To download a public key certificate from IE:

(to_contents)

· In the browser, select the menu item “Tools” - Internet Options

https://pandia.ru/text/78/154/images/image012_2.png" width="410" height="573 src=">

· If the certificate is not located on the “Personal” tab (in the folder), then we can conclude that the personal certificate was installed incorrectly. You need to look through other tabs (folders), find the public key certificate, it will look like this, for example: Last name patronymic name.cer.

https://pandia.ru/text/78/154/images/image014_37.jpg" width="458 height=358" height="358">

· Select "No, do not export" private key» (this information is confidential).

https://pandia.ru/text/78/154/images/image016_29.jpg" width="470 height=367" height="367">

· Come up with any file name yourself (123, full name, etc.), click “Browse”, select the “Desktop” saving section, click “Save”

https://pandia.ru/text/78/154/images/image018_31.jpg" width="470" height="365 src=">

· If you need to send a public key certificate by email, you will have to archive it, otherwise the recipient will not be able to open the certificate.

· Right-click on the certificate icon and select “Add to archive”

To download a public key certificate from RuToken ( eToken ):

(to_contents)

1. Go to the folder "Control Panel"(Start → Control Panel)

2. Launch the program "CryptoPro CSP"

3. Open a tab "Service" and press the button.

4. Selecting a certificate

"According to certificate" Full Name. cer)

https://pandia.ru/text/78/154/images/image023_1.png" width="23 height=47" height="47">

Click "Next...".

Select "No, do not export private key" (this information is confidential).

Come up with any file name yourself (123, full name, etc.), click “Browse”, select the “Desktop” saving section, click “Save”

margin-top:0cm" type="disc"> If you need to send a public key certificate via e-mail, you will have to archive it, otherwise the recipient will not be able to open this certificate. Right-click on the certificate icon and select “Add to Archive”

VII. It is necessary to reinstall (install) the personal certificate:

· If the window does not display required certificate

· If the message appears:

"When checking EDS certificate an error was detected. It may be due to one or more of the reasons listed below:

1. Key carrier is missing

2. It was not allowed to connect to the certificate store

3. The private key was not allowed to be used

For advice, please contact your email administrator. trading platform»

· If the message appears: “Error signing data: The parameter was set incorrectly”

· Error when signing data: The signer’s certificate is not valid for signing.

· If the message appears: “No valid certificate was found.”

· If the message appears: “It is not allowed to connect to the key carrier”

· Other errors other than those listed above

Reinstalling (installing) a personal certificate from a floppy disk:

(to_contents)

1) You need to come in "My computer" see which drive letter represents the floppy disk (3.5 A floppy drive or others)

2) Go to the folder "Control Panel"(Start → Control Panel)

3) Run the program "CryptoPro CSP"

https://pandia.ru/text/78/154/images/image035_12.jpg" width="339" height="403 src=">

6) Check the presence of the media on which the public key certificate is located in the list of installed readers.

7) If the required reader is not there, you need to add it.

8) To add a new reader:

· Click the "Add" button

· Select “All manufacturers” with one click and in the right column with one click select the desired reader, if it is present there, click the “Next” button

https://pandia.ru/text/78/154/images/image041_10.jpg" width="377" height="295">

· Open a tab "Service" and press the button

·Certificate selection

1. In the window, click the button Rice. 2. Window for selecting a container to view. In the next window, click on the button

2. In the next window, click the button Rice. 1. “CryptoPro CSP Properties” window In the window that opens, click on the button Full Name. cer on your floppy disk)

https://pandia.ru/text/78/154/images/image045_1.png" width="560" height="413">

If no public key certificate is found on the floppy disk:

· Check to see if the Treasury has issued other floppy disks or media that may contain this certificate. If there is another floppy disk, and one disk drive, you need to copy the public key certificate to the desktop, and when installing a personal certificate, there should be a floppy disk with a private key container (a folder with a name with “.000” at the end) in the disk drive, and pull up the public key from the desktop.

"Certificate file name" Rice. 2. Window for selecting a container to view. In the next window, click on the button

4. Then a window will appear "Certificate for installation" Rice. 2. Window for selecting a container to view. In the next window, click on the button

https://pandia.ru/text/78/154/images/image048_7.jpg" width="353" height="274">

https://pandia.ru/text/78/154/images/image050_7.jpg" width="377" height="295">

1. When installing a personal certificate, the container was specified incorrectly. Return to the instructions and indicate the correct container (the drive with the name of the floppy disk).

2. The floppy disk on which the container is stored is damaged. To install the certificate, use a copy of the floppy disk and follow the steps below.

3. When generating keys, the container was formed incorrectly. In this case, you need to contact the treasury.

· Storage selection

2. Press the button "Review" and select storage "Personal", then click the button "OK"

"Certificate Store Name", press the button Rice. 2. Window for selecting a container to view. In the next window, click on the button

https://pandia.ru/text/78/154/images/image053_7.jpg" width="441" height="345 src=">

If the message "Press the button" appears "Yes".

flash :

( to_contents )

1) You need to come in "My computer" see which letter of the removable disk represents the floppy disk (Removable disk F, H, L, etc.)

2) Go to the folder "Control Panel"(Start → Control Panel)

3) Run the program "CryptoPro CSP"

4) Check the product version, it must be at least 3.0

6) Check the presence of the media on which the public key certificate is located in the list of installed readers (or the “All removable drives” item).

7) If the required reader is not there, you need to add it (or the “All removable drives” item).

8) When the required reader is present in the installed readers, you can continue installing the personal certificate:

· Open a tab "Service" and press the button "Install personal certificate"

·Certificate selection

1. In the window "Personal Certificate Installation Wizard" click the button Rice. 2. Window for selecting a container to view. In the next window, click on the button

2. In the next window "Certificate File Location" click the button Rice. 1. “CryptoPro CSP Properties” window In the window that opens, click on the button and specify the location of the personal certificate (file Full Name. cer on your floppy disk)

If onflashno public key certificate found:

· Check to see if the Treasury has issued other floppy disks or media that may contain this certificate. The public key certificate can be copied to the computer (desktop), and when installing a personal certificate, a flash with a private key container must be inserted (a folder with a name with “.000” at the end), and the public key must be pulled from the desktop.

· If the certificate has been installed previously, you can download the public key certificate from the certificate store in IE.

· It is necessary to clarify whether a request was made to the treasury to receive the open part of the electronic digital signature (files with the extension .reg). On the computer through which work with the treasury is carried out through EDMS system The certificate is usually located: C:/FKLCNT/SUBSYS/KEYS/CRYPTOAPI/…. In one of the folders with an unpronounceable name

· If the above methods do not help, we can recommend contacting the treasury with a request to provide the location of the public key certificate.

3. After loading the public key certificate into the field "Certificate file name" The path to the certificate will appear. Click the button "Further".

Then a window will appear "Certificate for installation", containing information about the certificate to be installed. If everything is correct, click the button Rice. 2. Window for selecting a container to view. In the next window, click on the button

https://pandia.ru/text/78/154/images/image061_6.jpg" width="375" height="291">

https://pandia.ru/text/78/154/images/image063_5.jpg" width="406" height="318">

If a window appears with the error “The private key on the specified container does not match the public key in the certificate, select a different key container,” follow the steps below:

This warning appears for the following reasons:

4. When installing a personal certificate, the container was specified incorrectly. Return to the instructions and indicate the correct container (that removable disk with which flash name is reflected).

5. The flash on which the container is stored is damaged. To install the certificate, use a copy of the flash and follow the steps below.

6. When generating keys, the container was formed incorrectly. In this case, you need to contact the treasury.

· Storage selection

1. Select the option: “Place all certificates in the following store”

2. Press the button "Review" and select storage "Personal", then click the button "OK"

3. After the storage name appears in the field "Certificate Store Name", press the button Rice. 2. Window for selecting a container to view. In the next window, click on the button

https://pandia.ru/text/78/154/images/image053_7.jpg" width="441" height="345">

2. If the message “ This certificate is already present in the certificate store", press the button "Yes"

Reinstalling a personal certificate from ruToken :

( to_contents )

1) You need to come in "My computer", if the “flash drive” is not displayed, then it is actually ruToken (or eToken, although they are still quite rare)

2) Go to the folder "Control Panel"(Start → Control Panel)

3) Run the program "CryptoPro CSP"

4) Check the product version, it must be at least 3.0

5) Open the “Hardware” tab and click the “Configure readers” button

6) Check the presence of the media on which the public key certificate is located in the list of installed readers (or the “All smart card readers” item).

7) If the required reader is not there, you need to add it (or the “All smart card readers” item).

8) To add a new reader:

· Insert the disc issued by the Treasury

· Go to the “Equipment” tab and click the “Configure readers” button

· Click the "Add" button

· Click the "Have Disk" button

· Check the "CD Drives" checkbox and click "Next"

· In the window that opens, select “PC/SC Reader” and click the “Next” button

· Wait for installation from disk and click “Finish”.

· If the message “An old component configuration was found. Click ‘Finish’ to save it, or click ‘Cancel’ to delete the old configuration for all installed components”, then click the “Cancel” button

· In the “Available Readers” column, select “Activ ***** Token0” and click the “Next”, “Next”, “Finish” buttons

· After that, another reader “Activ ***** Token0” appeared in your list. Click OK

· Reader setup is complete. Restart your computer.

9) When the required reader is present in the installed readers, you can continue installing the personal certificate:

METHOD No. 1

5. Open a tab "Service" and press the button "View certificates in container"

6. Selecting a certificate

· In the next window, click the button "According to certificate" and select the desired personal certificate (file Full Name. cer)

https://pandia.ru/text/78/154/images/image084_0.png" width="503" height="391">

https://pandia.ru/text/78/154/images/image046_2.png" width="501" height="392">

5. Then a window will appear "Certificate for installation", containing information about the certificate to be installed. If everything is correct, click the button Rice. 2. Window for selecting a container to view. In the next window, click on the button

Container selection

1. In the window "Private Key Container" click the button Rice. 1. “CryptoPro CSP Properties” window In the window that opens, click on the button and specify the container corresponding to the personal certificate (for example Activ ru Token 0)

3. After the storage name appears in the field "Certificate Store Name", press the button Rice. 2. Window for selecting a container to view. In the next window, click on the button

·Completing the installation of the personal certificate

1. In the last window “Completing the Personal Certificate Installation Wizard” click the button "Ready"

2. If the message “ This certificate is already present in the certificate store", press the button "Yes"

Opening the Crypto-Pro program

1. Go to the folder "Control Panel" (Start > Settings > Control Panel or Start > Control Panel)

2. Launch the program "CryptoPro CSP"

3. Open the tab "Service"

4. Press the button "Install personal certificate"

Selecting a certificate

1. In the window "Personal Certificate Installation Wizard" click the button "Further"

2. In the next window "Certificate File Location" click the button "Review"

3. Specify the location of the personal certificate (file inn-kpp.cer on your floppy disk)

4. Press the button Open

5. After that, in the field "Certificate file name" The path to the certificate will appear. Click the button "Further"

6. Then a window will appear "Certificate for installation" containing information about the certificate being installed. If everything is correct, click the button "Further"

Container selection

1. In the window "Private Key Container" click the button "Review"

2. Specify the container corresponding to the personal certificate

3. Click the button OK

4. After the container name appears in the field "Name of the Spiked Container", press the button "Further"

If an error window appears: "The private key on the specified container does not match the public key in the certificate, select a different key container." Follow the steps below:

Selecting a storage

1. In the next “Certificate Store” window, click the button "Review"

2. Select storage "Personal"

3. Then press the button "OK"

4. After the storage name appears in the field "Certificate store name", press the button "Further"

Completing the installation of a personal certificate

1. In the last window "Completing the Personal Certificate Installation Wizard" click the button "Ready"

2. If a message appears "This certificate is already present in the certificate store", press the button "Yes"

Personal certificate installed

According to Wikipedia public key certificate aka public key file, electronic digital signature, signature key certificate, electronic signature verification key certificate (according to Article 2 Federal Law dated 04/06/2011 “On Electronic Signature” No. 63-FZ) - a digital or paper document confirming the correspondence between the public key and information identifying the owner of the key. Contains information about the owner of the key, information about the public key, its purpose and scope, and the name of the certification authority.

A public key can be used to organize a secure communication channel with the owner in two ways:

to verify the owner's signature (authentication)

to encrypt transmitted messages

In order to exchange encrypted messages, you must first exchange public key certificates. The message is encrypted using the recipient's public key and decrypted with its private key.

How to export a public key file?

You can export a public key file in the following ways:

1. Export from Personal storage:

• To do this, select in the browser settings (for example Internet Explorer) Settings/Internet Options/ Content and press the button Certificates.

• Find the required certificate and click Export.

If the required certificate is not in the list, you must go to step 2.

• In the window Certificate Export Wizard press the button Further. Then mark the item and select Further.

• In the window Export file format select and press the button Further.

• In the next window you need to click Review Save.

• Further, then Ready.Wait for a message about successful export.

2. Export a public key file using CryptoPro CSP:

• Select menu Start / Control Panel / CryptoPro CSP. Go to tab Service and press the button View certificates in a container.

• In the window that opens, click on the button Review"Review" OK.

• In the next window, click on the button Further.

• In the window Certificate for viewing"Certificate for viewing" Properties in the certificate file that opens, go to the tab Compound and press the button Copy to file.

• Next we follow the instructions Certificate Export Wizards pressing Further - No, do not export the private key - Further choose X.509 (.CER) files encoded in DER and again Further.
• In the next window you need to click on the button Review, specify the name and directory to save the file. Then click on the button Save.

• In the next window click on the button Further, then Ready.

• Wait for a message about successful export. Close all Crypto Pro program windows.

3. If the certificate export fails neither the first nor the second method, then to obtain a public key file you should contact the service technical support the certification authority where your certificate was received. Information about the certification authority can be found in the certificate itself.

After exporting the public key file, we can forward it to the person with whom we plan to exchange encrypted messages.

In order to encrypt a document you will need and . As a rule, no additional settings other than placing the public key certificate file in the Certificates of Other Users store are required.

If you found the instructions useful, share them, you will find buttons for this right below the article.