• How to install a root certificate. Internet explorer does not see the certificate. How to install a root certificate The list of certificates is not displayed

    We are often asked the question: how to install a certificate via CryptoPpo CSP. There are different situations: the director or chief accountant has changed, they have received a new certificate from a certification center, etc. Everything worked before, but now it doesn't. We tell you what you need to do to install a personal digital certificate on your computer.

    You can install a personal certificate in two ways:

    1. Through the CryptoPro CSP menu “View certificates in container”

    2. Through the CryptoPro CSP menu “Install personal certificate”

    If your workplace uses the Windows 7 operating system without SP1, then install the certificate according to the recommendations of option No. 2.

    Option No. 1. Install through the “View certificates in container” menu

    To install a certificate:

    1. Select Start -> Control Panel -> CryptoPro CSP -> Tools tab and click the “View certificates in the container” button.

    2. In the window that opens, click on the “Browse” button. Select a container and confirm your choice with the OK button.


    If the message “There is no public encryption key in the private key container” appears, proceed to installing the digital certificate using option #2.

    4. If the version of “CryptoPro CSP” 3.6 R2 (product version 3.6.6497) or higher is installed on your computer, then in the window that opens, click on the “Install” button. After this, agree to the proposal to replace the certificate.

    If the “Install” button is missing, in the “Certificate for viewing” window, click the “Properties” button.


    5. In the “Certificate” window -> “General” tab, click on the “Install certificate” button.


    6. In the “Certificate Import Wizard” window, select “Next”.

    7. If you have installed version “CryptoPro CSP” 3.6, then in the next window just leave the switch on the “Automatically select storage based on certificate type” item and click “Next”. The certificate will be automatically installed in the “Personal” storage.



    Option 2. Install through the “Install personal certificate” menu

    To install, you will need, in fact, the certificate file itself (with the .cer extension). It can be located, for example, on a floppy disk, on a token, or on the computer's hard drive.

    To install a certificate:

    1. Select Start -> Control Panel -> CryptoPro CSP -> Tools tab and click the “Install personal certificate” button.


    2. In the “Personal Certificate Installation Wizard” window, click the “Next” button. In the next window, to select the certificate file, click “Browse”.


    3. Specify the path to the certificate and click on the “Open” button, then “Next”.


    4. In the next window, you can view the certificate information. Click “Next”.


    5. In the next step, enter or specify the private key container that corresponds to the selected certificate. To do this, use the “Browse” button.



    If you have installed CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher, check the “Install certificate into container” checkbox.


    8. Select the “Personal” storage and click OK.


    9. The storage you have chosen. Now click “Next”, then “Finish”. After this, a message may appear:


    In this case, click “Yes”.

    10. Wait for a message that the personal certificate has been successfully installed on your computer.

    That's it, you can sign documents using the new certificate.

    Good day!

    I think that almost every user (especially recently) has encountered an error in the browser stating that the certificate of such and such a site is not trusted, and a recommendation not to visit it.

    On the one hand, this is good (after all, the browser, and in general the popularization of such certificates, ensures our security), but on the other hand, such an error sometimes pops up even on very well-known sites (for example, Google).

    The essence of what is happening, and what does it mean?

    The fact is that when you connect to a site on which the SSL protocol is installed, the server transmits a digital document to the browser ( certificate) that the site is genuine (and not a fake or a clone of something there...). By the way, if everything is fine with such a site, then browsers mark them with a “green” padlock: the screenshot below shows how it looks in Chrome.

    However, certificates can be issued by well-known organizations (Symantec, Rapidssl, Comodo, etc.) , and anyone in general. Of course, if the browser and your system “do not know” who issued the certificate (or there is a suspicion of its correctness), then a similar error appears.

    Those. I mean that both completely white sites and those that are really dangerous to visit can fall under the distribution. Therefore, the appearance of such an error is a reason to take a close look at the site address.

    Well, in this article I want to point out several ways to eliminate such an error if it began to appear even on white and well-known sites (for example, on Google, Yandex, VK and many others. You won’t refuse to visit them, will you?).

    How to resolve the error

    1) Pay attention to the site address

    The first thing to do is just pay attention to the site address (it is possible that you typed the wrong URL by mistake). Also, sometimes this happens due to the fault of the server on which the site is located (perhaps, in general, the certificate itself is simply outdated, because it is issued for a certain time). Try visiting other sites, if everything is OK with them, then most likely the problem is not with your system, but with that particular site.

    Example of the error "The site's security certificate is not trusted"

    However, I note that if the error appears on a very well-known site that you (and many other users) completely trust, then there is a high probability of a problem in your system...

    2) Check the date and time set in Windows

    The second point is that a similar error can pop up if the time or date is set incorrectly in your system. To correct and clarify them, just click on “time” in the Windows taskbar (in the lower right corner of the screen). See screenshot below.

    After setting the correct time, restart your computer and try to reopen the browser and sites in it. The error should go away.

    I also draw your attention to the fact that if your time is constantly lost, the battery on your motherboard is probably dead. It is a small “tablet”, thanks to which the computer remembers the settings you entered, even if you disconnect it from the network (for example, are the same date and time somehow calculated?).

    3) Try updating your root certificates

    Another option to try to solve this problem is to install a root certificate update. Updates can be downloaded from the Microsoft website for different operating systems. For client operating systems (i.e., for ordinary home users), these updates are suitable:

    4) Installing “trusted” certificates in the system

    Although this method works, I would like to warn you that it “may” become a source of problems in the security of your system. At least, I advise you to resort to this only for such large sites as Google, Yandex, etc.

    To get rid of the error associated with the unreliability of the certificate, a specialist should be used. plastic bag GeoTrust Primary Certification Authority .

    By the way, to download GeoTrust Primary Certification Authority:


    Now you need to install the downloaded certificate into the system. I’ll tell you step by step how this is done below:


    5) Pay attention to antivirus utilities

    In some cases, this error may occur due to the fact that some program (for example, an antivirus) scans https traffic. This is what the browser sees that the incoming certificate does not match the address it came from, and as a result a warning/error appears...

    Therefore, if you have an antivirus/firewall installed, check and temporarily disable the https traffic scanning setting (see example of AVAST settings in the screenshot below).

    That's all I have...

    For additions on the topic - a special merci!

    All the best!

    If none of the solutions suggested below resolve the problem, the key media may have been damaged and requires recovery (see). It is impossible to recover data from a damaged smart card or registry.

    If there is a copy of the key container on another medium, then you need to use it for work, first installing the certificate.

    Diskette

    If you are using a floppy disk as the key container, you must complete the following steps:

    1. Make sure that in the root of the floppy disk there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have a .key extension and the folder name format must be xxxxxx.000.

    the private key container has been corrupted or deleted

    2. Make sure that the “Disk Drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

    • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;

    ?).

    3. In the CryptoPro CSP window “Selecting a key container”, select the “Unique names” radio button.

    4.

    • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
    • Go to the “Service” tab and click on the “Remove remembered passwords” button;

    5. How to copy a container with a certificate to another medium?).

    Flash drive

    If a flash drive is used as the key media, you must perform the following steps:

    1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . Files must have a .key extension and the folder name format must be as follows: xxxxxx.000 .

    If any files are missing or their format is incorrect, it may be the private key container has been corrupted or deleted. You also need to check whether this folder contains six files on other media.

    2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

    • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
    • Go to the “Equipment” tab and click on the “Configure readers” button.

    If the reader is missing, it must be added (see. How to configure readers in CryptoPro CSP ?).

    3.

    4. Remove remembered passwords. To do this:

    • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
    • Select the “User” item and click the “OK” button.

    5. Make a copy of the key container and use it for work (see. How to copy a container with a certificate to another medium ?).

    6. If CryptoPro CSP version 2.0 or 3.0 is installed at your workplace, and Drive A (B) is present in the list of key media, then it must be removed. To do this:

    • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
    • Go to the “Equipment” tab and click on the “Configure readers;” button
    • Select the reader “Disk Drive A” or “Disk Drive B” and click on the “Delete” button.

    After removing this reader, working with the floppy disk will be impossible.

    Rutoken

    If a Rutoken smart card is used as a key carrier, you must complete the following steps:

    1. Make sure that the light on the rutoken is on. If the light does not light, you should use the following recommendations.

    2. Make sure that the “Rutoken” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All smart card readers”). To do this:

    • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
    • Go to the “Equipment” tab and click on the “Configure readers” button.

    If the reader is missing, it must be added (see. How to configure readers in CryptoPro CSP ?).

    3. In the “Select a key container” window, select the “Unique names” radio button.

    4. Remove remembered passwords. To do this:

    • Select the “Start” menu > “Control Panel” > “CryptoPro CSP” ;
    • Go to the “Service” tab and click on the “Remove remembered passwords” button;
    • Select the “User” item and click the “OK” button.

    5. Update the support modules required for Rutoken to work. To do this:

    • Disconnect the smart card from the computer;
    • Select the “Start” menu > “Control Panel” > “Add or Remove Programs” (for Windows Vista\Seven “Start” > “Control Panel” > “Programs and Features”);
    • Select “Rutoken Support Modules” from the list that opens and click on the “Delete” button.

    After removing modules you need to restart your computer .

    • Download and install the latest version of support modules. The distribution is available for download on the Aktiv website.

    After installing the modules, you must restart your computer.

    6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using with the following instructions .

    7. Update the Rutoken driver (see. How to update the Rutoken driver ?).

    8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

    • Open “Start” (“Settings”) > “Control Panel” > “Rutoken Control Panel” (if this item is missing, then you should update Rutoken driver).
    • In the “Rutoken Control Panel” window that opens, in the “Readers” item, select “Activ Co. ruToken 0 (1,2)" and click on the "Information" button.

    If the ruToken is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, then the media has been damaged, you need to contact the service center for an unscheduled key replacement.

    • Check what value is indicated in the line “Free memory (bytes)”.

    Service centers issue root tokens with a memory capacity of about 30,000 bytes as key media. One container takes up about 4 KB. The amount of free memory of a rootken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

    If the free memory of a root token is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.

    Registry

    If the Registry reader is used as the key media, you must perform the following steps:

    1. Make sure that the “Register” reader is configured in CryptoPro CSP. To do this:

    • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
    • Go to the “Equipment” tab and click on the “Configure readers” button.

    If the reader is missing, it must be added (see. How to configure readers in CryptoPro CSP ?).

    2. In the “Select a key container” window, select the “Unique names” radio button.

    3. Remove remembered passwords. To do this:

    • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
    • Go to tab « Service" and click on the "Delete remembered passwords" button;
    • Select the “User” item and click the “OK” button.
    Read more: