Installing the certificate and private key
We will describe the installation of an electronic signature certificate and private key for Windows operating systems. During the setup process we will need Administrator rights (so we may need a system administrator if you have one).
If you have not yet figured out what an Electronic Signature is, then please read Or if you have not yet received an electronic signature, contact the Certification Center, we recommend SKB-Kontur.
Well, suppose you already have an electronic signature (token or flash drive), but OpenSRO reports that your certificate is not installed, this situation may arise if you decide to configure your second or third computer (of course, the signature does not “grow” to only one computer and it can be used on multiple computers). Usually the initial setup is carried out with the help of the technical support of the Certification Center, but let’s say this is not our case, so let’s go.
1. Make sure that CryptoPro CSP 4 is installed on your computer
To do this, go to the menu Start CRYPTO-PRO CryptoPro CSP run it and make sure that the program version is not lower than 4.
If it is not there, then download, install and restart the browser.
2. If you have a token (Rutoken for example)
Before the system can work with it, you will need to install the necessary driver.
- Drivers Rutoken: https://www.rutoken.ru/support/download/drivers-for-windows/
- Drivers eToken: https://www.aladdin-rd.ru/support/downloads/etoken
- Drivers JaCarta: https://www.aladdin-rd.ru/support/downloads/jacarta
The algorithm is as follows: (1) Download; (2) Install.
3. If the private key is in the form of files
The private key can be in the form of 6 files: header.key, masks.key, masks2.key, name.key, primary.key, primary2.key
There is a subtlety here if these files are written to the hard drive of your computer, then CryptoPro CSP will not be able to read them, so all actions must be performed by first writing them to a flash drive (removable media), and you need to place them in a first-level folder, for example: E:\Andrey\( files) if located in E:\Andrey\ keys\(files), then it will not work.
(If you are not afraid of the command line, then removable storage can be emulated something like this: subst x: C:\tmp a new disk (X:) will appear, it will contain the contents of the C:\tmp folder, it will disappear after a reboot. This method can be used if you plan to install keys in the registry)
We found the files, recorded them on a flash drive, and move on to the next step.
4. Installing a certificate from a private key
Now we need to get a certificate, we can do this as follows:
- Opening CryptoPro CSP
- Go to the tab Service
- Press the button View certificates in a container, press Review and here (if we did everything correctly in the previous steps) we will have our container. Press the button Further, information about the certificate will appear and then click the button Install(the program may ask whether to provide a link to the private key, answer “Yes”)
- After this, the certificate will be installed in the storage and it will be possible to sign documents (at the same time, at the time of signing the document, it will be necessary for the flash drive or token to be inserted into the computer)
5. Using an electronic signature without a token or flash drive (installation in the registry)
If speed and ease of use are a little higher for you than security, then you can install your private key in the Windows registry. To do this you need to do a few simple steps:
- Perform private key preparation described in steps (2) or (3)
- Next we open CryptoPro CSP
- Go to the tab Service
- Press the button Copy
- Using a button Review choose our key
- Press the button Further, then we’ll come up with some name, for example “Pupkin, LLC Romashka” and press the button Ready
- A window will appear in which you will be asked to select the media, select Registry, click OK
- The system will ask Set password for the container, come up with a password, click OK
Important Note: the OpenSRO portal will not “see” the certificate if its validity period has expired.
To install, you will need a certificate file (a file with the .cer extension). To install a certificate, just follow these steps: Select “Start” / “Control Panel” / “CryptoPro CSP”. In the window “Properties of CryptoPro CSP” go to tab "Service" and click on the button "Install personal certificate"(see Fig. 1). Rice. 1. “CryptoPro CSP Properties” window In the window"Certificate Import Wizard" press the button"Further" . In the next window, click on the button"Review" 
to select the certificate file (see Figure 2). Rice. 2. Window for selecting a certificate file You must specify the path to the certificate and click on the button"Open" 
(see Fig. 3). press the button Rice. 3. Selecting a certificate file In the next window, click on the button "Certificate for viewing" click on the button press the button. Choose . In the next window, click on the button to indicate the corresponding private key container (see Figure 4). 
Rice. 4. Window for selecting a private key container Specify the container corresponding to the certificate and confirm the selection using the button "OK"(see Fig. 5). 
Rice. 5. Window for selecting a key container After selecting a container, click on the button press the button, check the box next to the inscription “Install certificate into container”(see Fig. 6). In the window "Selecting a certificate store" click on the button . In the next window, click on the button(see Fig. 6). 
Rice. 6. Selecting a certificate store You must select a store "Personal" And
Copying the private key container is a mandatory action when reinstalling the SBS on another computer. You can also copy the certificate if you want to create a spare digital signature key.
Copying a private key container to a flash drive, floppy disk or token is a rather complicated process to avoid errors it is important to strictly follow our instructions.
CryptoPro: certificate copying
Step 1. Opening the CryptoPro program
To open the program follow this path:
Click menu Start, then go to Programs⇒ CryptoPro⇒ CryptoPro CSP and enable the tab Service.
In an open window Service click the button Copy container.
Rice. 1.
Step 2: Copy the private key container
After pressing the button Copy container, the system will display the window Copying the private key container.
Rice. 2
In the open window you need to fill in the field Key container name.
Step 3. Entering the key container
There are 3 ways to fill out the field Key container name:
Manual input
Select from the list by clicking the Browse button
Search by digital signature certificate
In addition to filling out the Key container name field, you must fill in the remaining search options:
- - the switch is set to position User or Computer, depending on what storage the container is located in;
- Select CSP to search for key containers - the required crypto provider (CSP) is selected from the proposed list.
Once all fields are filled in, click the button Further.
If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click the button OK.
Step 4. Entering a new key container
The system will display the window again Copying a private key container, in which you need to enter the name of the new key container and set the switch The name entered specifies the key container to position User or Computer, depending on in which storage you want to place the copied container.
After entering, click the button Ready.
Step 5: Select media for the copied container
A window will appear on your screen in which you need to select the media for the copied container.
Insert the media (token, flash drive, floppy disk) into the reader and press the button OK.
Step 6. Set a password
The system will display a window for setting a password to access the private key.
Enter your password, confirm it, and check the box if necessary Remember your password.
If this box is checked, the password will be saved in a special storage on the local computer, and when accessing the private key, the password will be automatically read from this storage rather than entered by the user.
After entering the required data, click the button OK. The CryptoPro CSP cryptographic information protection tool will copy the private key container.
If you have any questions, you can order a consultation with a specialist.
List of documents for a legal entity:
1. Extract from the Unified State Register of Legal Entities (USRLE) no older than 30 days.
2. Passport
3. Company details
4. SNILS (Insurance Certificate of State Pension Insurance)
5. TIN certificate
List of documents for an Individual Entrepreneur (IP):
1. Extract from the Unified State Register of Individual Entrepreneurs (USRIP)
2. Passport
3. SNILS (Insurance Certificate of State Pension Insurance)
4. TIN certificate
List of documents for an individual:
1. Passport
2. TIN certificate
2. SNILS (Insurance Certificate of State Pension Insurance)
2. A window pops up: "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine."
If, when working on the website roseltorg.ru, a window pops up: “Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine” You need:
1. Click on the yellow bar under the site address with the text “This website is trying to install the following add-on: “CAPICOM User Download v2.1.0.2” from “Microsoft Corporation”. If you trust this website and add-on and want to install it , click here...";
2. Select "Install ActiveX control";
3. Click on the "Install" button; This procedure must be performed until the window with this message stops popping up (this is individual for each computer). This is a one-time setup.
3. How to install a personal certificate?
Installing a personal certificate (your organization's certificate) can be done in the following way:
Via the "View certificates in container" menu
1. Select Start / Control Panel / CryptoPro CSP, go to the Service tab and click on the button View certificates in a container(see Fig. 1).
Rice. 1. “CryptoPro CSP Properties” window
2. In the window that opens, click the Browse button to select a container to view. After selecting the container, click on the OK button (see Fig. 2).
Rice. 2. Window for selecting a container to view
3. In the next window, click on the Next button.
Rice. 3. “Selected private key container” window
4. If the version of CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then in the window that opens, click on the Install button, and then respond affirmatively to the notification about replacing the certificate (if it appears).
Rice. 4. Certificate viewing window
5. In the window that appears about the successful installation of the certificate, click OK
Rice. 5. Window “Message about successful certificate installation”
6. then press the ready button
Rice. 6. Window for viewing the selected certificate
5. Close the CryptoPro CSP window by clicking OK
Detailed information on installing the certificate is available at the following link.
4. How to set up email.
Configuring security settings for Outlook Express is carried out according to the following scheme:
1. Select the menu item Tools -> Accounts and open the Mail tab.
2. In the displayed list of accounts, select the one you want to configure and click the Properties button.
3. In the displayed dialog, select the Security tab, which allows the user to specify his personal certificates, which will be used when selecting the user’s personal keys for generating an electronic digital signature and decrypting incoming messages. The certificate selection dialog only displays certificates that have a matching email address and are allowed for email security
5. In the displayed dialog, select the Security tab:
6. In the displayed dialog, set the following modes:
a. Always encrypt messages when sending encrypted mail . Setting the enable mode allows the sender to decrypt the messages he has sent.
b. Include my digital ID when sending singed messages. Setting this mode to automatically add the sender's certificate to all messages. This mode allows you to exchange certificates using a signed message, and then use the resulting certificates to subsequently encrypt messages between recipients.
c. Send messages with an opaque signature / Encode message before signing. When Message Mode is enabled, all attachments will be combined into a single attachment with a digital signature included. If the mode is disabled, the signature is generated as one separate attachment for all attachments.
d. Automatically add sender certificates to my address book. When enabled, certificates sent as part of a signed message will be automatically added to the address book.
e. Check for revoked Digital Ds:
i. only when online. Installing a verification token means that each operation of generating or verifying an electronic digital signature will be accompanied by a certificate revocation check. To check for revocation, a Certificate Revocation List (CRL) is used, information about the location of which is recorded as an addendum in each user’s certificate. By default, this option is not enabled, and Outlook Express does not track whether user keys have been compromised.
ii. Never/Never.
No revocation check is performed.
5. How to sign a document.
There are 2 types of sending a signed document.
The first way is to sign the document itself and the second is to sign the entire letter.
To create and send a signed message:
1. Click the Create Mail button or select the menu item File -> New -> Mail message.
3. To send a signed message, check the status of the Sign button. It should be pressed and the signed message sign should be visible on the right side of the screen.
4. Once the message is ready to be sent, click on the Send button:
The second method is when the file itself is signed. Microsoft Office allows you to attach digital signatures to a specific document. To do this you need:
1. From the Tools menu, select Options, and then open the Security tab.
2. Click the Digital Signatures button.
3. Click the Add button.
4. Select the certificate you want, and then click OK.
For other data formats, you must use the CryptoArm program.
6. CryptoPro expires.
During installation, you did not enter the product serial number according to the license you purchased.
7. Mail does not see the certificate.
When setting up email, at the stage of signing the document, the email does not find the required certificate. This happens when the email address that is specified when producing the digital signature does not match the current email address.
8. When installing CryptoPro at the last step, the system displays a message about the incorrect installation of the program and rolls back. What should I do?
The problem occurs due to incomplete (or incorrect) removal of the previous version of Crypto Pro from the computer. To remove files remaining from the previous version, you must use the CryptoPro clear.bat trace cleaning program. You can download the program from here: ftp://ftp.cryptopro.ru/pub/CSP_3_6/clearing.zip
9. Where can I find the public digital signature signature key?
In all signatures issued by our company, the public key is located inside a container on a secure medium. In order to remove it from the container you need to:
When the media is included in the system unit Through the CryptoPro program Start à Control Panel à CryptoPro à Service à View the certificates in the container. In the dialog box that appears, select the required container through the overview à Next. In the window for viewing digital signature public key data, select properties à “Composition” tab à Copy to file and specify the path to save the certificate.
10. CryptoPro does not see the container on the flash drive. Prompts you to select another media.
Depending on what type of media you use, the solutions are different. If you use smart cards such as Rutoken, MSKey, Etoken, then most likely you do not have the drivers installed to work correctly with the key.
If your key is on a USB 2.0 flash drive, then you need to look at the version of the CryptoPro kernel. If you are using CryptoPro 3.0, then you have lost your way. In order to configure it you need to:
When the media is included in the system unit Through the CryptoPro program Start à Control Panel à CryptoPro à Equipment Configure readers Add. In the Reader Installation Wizard window that appears, select Floppy Drive on the right side of the screen (since in CryptoPro all USB drives are defined as floppy disks). In the next window, select the correct name of the flash drive, that is, the name under which the flash drive is identified in “My Computer”.
If you are using CryptoPro 3.6 and the container is not visible, then the media is damaged. It should be provided to the office to determine the status of the key.
11. We have received an electronic signature, what to do next? How to register on the trading platform?
The entire procedure for accreditation, filing an application for participation in the auction and conducting the auction itself is described in the operating regulations of a specific electronic trading platform, which can be found on the website of this platform. There are also various supporting video materials and instructions for working in the system. Or you can contact us to purchase our accreditation assistance service on any electronic platform.
12. To check what operating system is installed on your computer
- Go to My Computer in Explorer.
— Right-click on the display and select “Properties” from the menu that appears.
— The window that appears contains information about your system.
13. To find out which version of Internet Explorer is installed on your computer
— Launch Internet Explorer.
— Select Help from the horizontal menu at the top of the browser.
— The window that appears contains information about the current version of the browser.
— Possible option
14. To install a newer version of Internet Explorer 8
— Specify the following address on the command line:
— In the window presented, click “Download for free.”
— Click “Run” in the window that appears.
- Then click “Run” again.
— When installation is complete, you must restart your computer.
If a flash drive or floppy disk is used for work, copying can be done using Windows (this method is suitable for versions of CryptoPro CSP no lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the folder name when copying.
The private key folder should contain 6 files with the extension .key. Below is an example of the contents of such a folder.
Container copying can also be done using the CryptoPro CSP crypto provider. To do this you need to follow these steps:
1. Select Start / Control Panel / CryptoPro CSP.
2. Go to the Tools tab and click on the Copy button. (see Fig. 1).
Rice. 1. “CryptoPro CSP Properties” window
3. In the window Copying a private key container"Certificate Import Wizard" Review(see Fig. 2).
Rice. 2. Copying the private key container
4. Select a container from the list, click on the button OK, then Further.
Rice. 3. Key container name
6. In the “Insert and select media to store the private key container” window, you must select the media on which the new container will be placed (see Figure 4).
Rice. 4. Selecting a blank key media
7. You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the button OK(see Fig. 5).
Rice. 5. Setting a password for the container
If copying to media Rutoken, the message will sound different (see Fig. 6)
Rice. 6. Pin code for container
Please note: if you lose your password/pin code, using the container will become impossible.
8. After copying is completed, the system will return to the tab Service in the window CryptoPro CSP. Copying is complete. If you plan to use a new key container to work in the Kontur-Extern system, you must install a personal certificate (see How to install a personal certificate?).
For bulk copying, download and run the Certfix utility.
