Electronic digital signatures (EDS) have long and firmly entered into use both in public institutions and in private firms. The technology is implemented through security certificates, both common to the organization and personal. The latter are most often stored on flash drives, which imposes some restrictions. Today we will tell you how to install such certificates from a flash drive on a computer.
Despite their reliability, flash drives can also fail. In addition, it is not always convenient to insert and remove the drive for work, especially for a short time. The certificate from the key carrier can be installed on a working machine to avoid these problems.
The procedure depends on the version of Cryptopro CSP that is used on your machine: Method 1 is suitable for the newest versions, Method 2 is suitable for older versions. The latter, by the way, is more universal.
Method 1: Installation in automatic mode
The latest versions of Cryptopro DSPs have a useful feature for automatically installing a personal certificate from external media to a hard drive. To enable it, do the following.
- The first step is to launch CryptoPro CSP. Open the menu "Start", in it go to "Control Panel".
Click the left mouse button on the marked item. - The working window of the program will start. open "Service" and select the option to view certificates marked in the screenshot below.
- Click the browse button.
The program will prompt you to select the location of the container, in our case, a flash drive.
Select the one you want and click "Further".. - A preview of the certificate opens. We need its properties - click on the desired button.
In the next window, click on the install certificate button. - The Certificate Import Utility opens. Press to continue working. "Further".
You have to choose a repository. In the latest versions of CryptoPro, it is better to leave the default settings.
Finish working with the utility by clicking "Ready". - A message will appear indicating that the import was successful. Close it by clicking "OK".
Problem solved.
This method is by far the most common, but in some variants of certificates it is impossible to use it.
Method 2: Manual installation method
Older versions of CryptoPro only support manual installation of a personal certificate. In addition, in some cases, the latest versions of the software can take such a file into work through the import utility built into CryptoPro.
- First of all, make sure that the USB flash drive that is used as a key has a certificate file in CER format.
- Open CryptoPro DSP as described in Method 1, but this time choosing to install certificates..
- Will open "Personal Certificate Installation Wizard". Proceed to choose the location of the CER file.
Select your flash drive and a folder with a certificate (as a rule, such documents are located in the directory with the generated encryption keys).
After making sure the file is recognized, press "Further". - In the next step, review the properties of the certificate to make sure the selection is correct. After checking, press "Further".
- The next step is to specify the key container of your .cer file. Click on the appropriate button.
In the pop-up window, select the location of the desired one.
Returning to the import utility, press again "Further". - Next, you need to select the storage of the imported EDS file. click "Review".
Since we have a personal certificate, we need to mark the appropriate folder.
Attention: if you are using this method on the latest CryptoPro, then do not forget to check the box "Install a certificate (certificate chain) into the container"!
- Exit the import utility.
- We are going to replace the key with a new one, so feel free to press "Yes" in the next window.
The procedure is over, you can sign the documents.
This method is somewhat more complicated, but in some cases it is the only way to install certificates.
As a summary, we remind you: install certificates only on trusted computers!
If none of the solutions below resolves the problem, the key media may have been damaged and needs to be restored (see ). It is not possible to recover data from a damaged smart card or registry.
If there is a copy of the key container on another medium, then you must use it for work, after installing the certificate.
Diskette
If a floppy disk is used as the key container, the following steps must be performed:
1. Make sure that there is a folder at the root of the floppy disk containing the files: header, masks, masks2, name, primary, primary2. The files must have the .key extension and the folder name format must be xxxxxx.000.
the private key container has been corrupted or removed
2. Make sure that the “Drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 — “All removable drives”), where X is the drive letter. To do this:
- Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
?).
3. In the CryptoPro CSP window "Selecting a key container", set the "Unique names" radio button.
4.
- Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
- Go to the "Service" tab and click on the "Delete remembered passwords" button;
5. How to copy a container with a certificate to another medium?).
Flash drive
If a flash drive is used as a key medium, the following steps must be performed:
1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . The files must have a .key extension and the folder name format must be: xxxxxx.000 .
If any files are missing or not in the correct format, then the private key container may have been corrupted or deleted. You also need to check if this folder with six files is contained on other media.
2. Make sure that the “Drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 — “All removable drives”), where X is the drive letter. To do this:
- Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
- Go to the "Hardware" tab and click on the "Configure readers" button.
If the reader is missing, it must be added (see How to configure readers in CryptoPro CSP?).
3.
4. Delete remembered passwords. For this:
- Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
- Mark the "User" item and click on the "OK" button.
5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).
6. If CryptoPro CSP version 2.0 or 3.0 is installed at the workplace, and Drive A (B) is present in the list of key media, then it must be removed. For this:
- Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
- Go to the "Hardware" tab and click on the "Configure readers" button;
- Select the reader "Drive A" or "Drive B" and click on the "Delete" button.
After removing this reader, work with the floppy disk will be impossible.
Rutoken
If a Rutoken smart card is used as a key carrier, the following steps must be taken:
1. Make sure the light on the rutoken is on. If the lamp does not light, then the following recommendations should be used.
2. Make sure that the "Rutoken" reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - "All smart card readers"). To do this:
- Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
- Go to the "Hardware" tab and click on the "Configure readers" button.
If the reader is missing, it must be added (see How to configure readers in CryptoPro CSP?).
3. In the "Select key container" window, select the "Unique names" radio button.
4. Delete remembered passwords. For this:
- Select "Start" menu > "Control Panel" > "CryptoPro CSP" ;
- Go to the "Service" tab and click on the "Delete remembered passwords" button;
- Mark the "User" item and click on the "OK" button.
5. Update support modules required for Rutoken to work. For this:
- Disconnect the smart card from the computer;
- Select the menu "Start" > "Control Panel" > "Add or Remove Programs" (for Windows Vista \ Seven "Start" > "Control Panel" > "Programs and Features");
- Select "Rutoken Support Modules" from the list that opens and click on the "Delete" button.
After removing the modules, you must restart the computer .
- Download and install the latest support modules. The distribution kit is available for download on the Aktiv website.
After installing the modules, you must restart your computer.
6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instruction .
7. Update the Rutoken driver (see How to update the Rutoken driver?).
8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:
- Open "Start" ("Settings") > "Control Panel" > "Rutoken Control Panel" (if this item is missing, then update the Rutoken driver).
- In the "Rutoken Control Panel" window that opens, in the "Readers" item, select "Activ Co. ruToken 0 (1,2)" and click on the "Information" button.
If the root token is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, which means that the media has been damaged, you need to contact the service center for an unscheduled replacement of the key.
- Check what value is indicated in the line "Free memory (bytes)".
As a key carrier, service centers issue rutokens with a memory capacity of about 30,000 bytes. One container occupies about 4 KB. The amount of free memory of a rutoken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.
If the amount of free memory of the rutoken is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.
Registry
If the Registry reader is used as a key carrier, the following steps must be performed:
1. Make sure that the "Register" reader is configured in CryptoPro CSP. For this:
- Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
- Go to the "Hardware" tab and click on the "Configure readers" button.
If the reader is missing, it must be added (see How to configure readers in CryptoPro CSP?).
2. In the "Select key container" window, select the "Unique names" radio button.
3. Delete remembered passwords. For this:
- Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
- Go to tab « Service" and click on the "Delete remembered passwords" button;
- Mark the "User" item and click on the "OK" button.
Good afternoon!. The last two days I had an interesting task of finding a solution to such a situation, there is a physical or virtual server, on which the well-known CryptoPRO is probably installed. Connected to the server , which is used to sign documents for VTB24 DBO. Locally on Windows 10 everything works, but on the server platform Windows Server 2016 and 2012 R2, Cryptopro does not see the JaCarta key. Let's figure out what the problem is and how to fix it.
Description of the environment
There is a virtual machine on Vmware ESXi 6.5, Windows Server 2012 R2 is installed as the operating system. The server is running CryptoPRO 4.0.9944, the latest version at the moment. A JaCarta key is connected from the network USB hub using USB over ip technology. Key in the system sees, but not in CryptoPRO.
Algorithm for solving problems with JaCarta
CryptoPRO very often causes various errors in Windows, a simple example (Windows installer service could not be accessed). This is how the situation looks when the CryptoPRO utility does not see the certificate in the container.
As you can see in the UTN Manager utility, the key is connected, it is seen in the system in smart cards as a Microsoft Usbccid (WUDF) device, but CryptoPRO does not detect this container and you do not have the opportunity to install a certificate. Locally, the token was connected, everything was the same. Began to think what to do.
Possible causes with container definition
- Firstly, this is a driver issue, for example in Windows Server 2012 R2, JaCarta should ideally be listed as JaCarta Usbccid Smartcard in the smart card list, not Microsoft Usbccid (WUDF)
- Secondly, if the device is seen as Microsoft Usbccid (WUDF), then the driver version may be outdated, and because of which your utilities will not detect the protected USB drive.
- Legacy version of CryptoPRO
How to solve the problem that the cryptopro does not see the USB key?
We created a new virtual machine and began to install the software all in sequence.
Before installing any software that works with USB media containing certificates and private keys. Need NECESSARILY disable the token, if stuck locally, then disable it, if over the network, break the session
- First of all, we update your operating system with all available updates, as Microsoft fixes many errors and bugs, including drivers.
- The second point is, in the case of a physical server, install all the latest drivers on the motherboard and all peripheral equipment.
- Next, install the JaCarta Unified Client.
- Install the latest version of CryptoPRO
Installing a single JaCarta PKI client
Single Client JaCarta is a special utility from the Aladdin company for the correct work with JaCarta tokens. You can download the latest version of this software product from the official website, or from my cloud, if it doesn’t work out from the manufacturer’s website.
Next, you unpack the resulting archive and run the installation file for your Windows architecture, I have it 64-bit. Let's start installing the Jacarta driver. A single Jacarta client, very easy to install (REMINDER your token at the time of installation, must be disabled). On the first window of the installation wizard, just click next.
Accept the license agreement and click "Next"
In order for JaCarta token drivers to work correctly for you, it is enough to perform a standard installation.
If you choose "Custom installation", then be sure to check the boxes:
- Drivers
- Support modules
- Support module for CryptoPRO
After a couple of seconds, the Jacarta Unified Client is successfully installed.
Be sure to restart the server or computer so that the system sees the latest drivers.
After installing JaCarta PKI, you need to install CryptoPRO, for this go to the official website.
https://www.cryptopro.ru/downloads
At the moment, the latest version of CryptoPro CSP is 4.0.9944. Run the installer, check "Install root certificates" and click "Install (Recommended)"
CryptoPRO installation will be performed in the background, after which you will see a suggestion to restart the browser, but I advise you to completely restart.
After reboot connect your JaCarta USB token. I have a network connection, from a DIGI device, via . In the Anywhere View client, my Jacarta USB drive is successfully defined, but as Microsoft Usbccid (WUDF), and ideally it should be defined as JaCarta Usbccid Smartcard, but you need to check anyway, since everything can work like that.
When opening the "Jacarta PKI Unified Client" utility, the connected token was not found, which means that something is wrong with the drivers.
Microsoft Usbccid (WUDF) is a standard Microsoft driver that is installed by default on various tokens, and it happens that everything works, but not always. The Windows operating system, by default, puts them in mind for its architecture and settings, I personally don’t need this at the moment. What we do is we need to uninstall the Microsoft Usbccid (WUDF) drivers and install the drivers for the Jacarta media.
Open Windows Device Manager, find "Smart card readers", click on Microsoft Usbccid (WUDF) and select "Properties". Click the Drivers tab and click Uninstall
Agree to remove the Microsoft Usbccid (WUDF) driver.
You will be notified that for the changes to take effect, you need to restart the system, be sure to agree.
After rebooting the system, you can see the installation of the ARDS Jacarta device and drivers.
Open the device manager, you should see that now your device is defined as JaCarta Usbccid Smartcar and if you go to its properties, you will see that the jacarta smart card now uses the driver version 6.1.7601 from ALADDIN R.D.ZAO, as it should be .
If you open a single Jacarta client, you will see your electronic signature, which means that the smart card has been correctly identified.
We open CryptoPRO, and we see that the cryptopro does not see the certificate in the container, although all the drivers are defined as needed. There is one more feature.
- In the RDP session, you will not see your token, only locally, this is how the token works, or I did not find how to fix it. You can try the suggestions to resolve the error "Unable to connect to the smart card management service".
- You need to uncheck one checkbox in CryptoPRO
MUST uncheck "Do not use outdated cipher suites" and reboot.
After these manipulations, CryptoPRO saw my certificate and the jacarta smart card became working, you can sign documents.
You can also see your JaCarta device in Devices and Printers,
If you, like me, have the jacarta token installed in the virtual machine, then you will have to install the certificate through the console of the virtual machine, and also give rights to it to the responsible person. If this is a physical server, then you will have to give rights to the control port, which also has a virtual console.
When you have installed all the drivers for Jacarta tokens, you may see the following error message when connecting via RDP and opening the Jacarta PKI Unified Client utility:
- The smart card service is not running on the local machine. The architecture of the RDP session developed by Microsoft does not provide for the use of key media connected to the remote computer, therefore, in the RDP session, the remote computer uses the local computer's smart card service. It follows from this that starting the smart card service inside an RDP session is not enough for normal operation.
- The smart card management service on the local computer is running, but is not available to the program inside the RDP session due to Windows and/or RDP client settings.\
How to fix "Unable to connect to smart card management service" error.
- Start the smart card service on the local machine from which you are initiating the remote access session. Set it to start automatically when the computer starts.
- Allow the use of local devices and resources during the remote session (in particular, smart cards). To do this, in the "Remote Desktop Connection" dialog in the settings, select the "Local Resources" tab, then in the "Local Devices and Resources" group, click the "Details ..." button, and in the dialog that opens, select the "Smart cards" item and click "OK", then "Connect".
- Make sure the RDP connection settings are saved. By default, they are saved in the Default.rdp file in the "My Documents" directory. Make sure that the line "redirectsmartcards: i: 1" is present in this file.
- Make sure that group policy is not activated on the remote computer to which you are making an RDP connection
-[Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow smart card reader redirection]. If it is enabled (Enabled), then disable it and restart the computer. - If you have Windows 7 SP1 or Windows 2008 R2 SP1 installed and you are using RDC 8.1 to connect to computers running Windows 8 and above, then you need to install an operating system update https://support.microsoft.com/en-us/ kb/2913751
Here was the troubleshooting for setting up the Jacarta token, CryptoPRO on the terminal server, for signing documents in VTB24 RBS. If you have comments or corrections, then write them in the comments.
- built-in (valid for 1 year, manufactured and valid with a signature, does not require a license number to be entered)
- annual (valid for 1 year, requiring a license number)
- permanent (unlimited - unlimited in terms of use, requiring the entry of a license number).
CryptoPro CSP does not see the signature?
Make sure the signature is installed on the computer.
Launch CryptoPro CSP => Tools tab => View certificates in container button => Browse button. If the list is empty, try a different USB port on your computer. If this does not help, then you need to install the driver in accordance with the type of media and bit depth of the Windows system. The type of media is written on the case of the media: eToken or ruToken, and the bit depth of the system can be viewed by right-clicking on the computer icon and selecting Properties: 32 or 64 bit system Windows.
You can download drivers here.
The site / portal does not see the signature?
Launch CryptoPro CSP => Tools tab => "View certificates in container" button => "Browse" button.
If the signature is not defined, then see the answer to question number 2 above.
If the signature is determined, then click the "Next" button, then the "Properties" button, open the "Certification Path" tab. The chain of certificates must consist of the Certification Authority and the full name of the EDS owner (certificates must not have crosses or exclamation marks).
If the CA certificate has a red cross, select it by clicking on it, click View certificate, then the "Install" button (you must specify the Trusted Root Certification Authorities store in the import wizard).
If the certificate has an exclamation point, the certificate of the certification authority must be downloaded //here and also installed in trusted certification authorities.
If the cross has not disappeared, you need to update the version of CryptoPro CSP (for Windows 10 there is a //special version of CryptoPro CSP 4.0)
If the certificate chain is displayed correctly in CryptoPro CSP, then there are problems in the InternetExplorer settings (see the answer to question #4 below).
Setting Internet Explorer (IE)?
For InternetExplorer to work correctly, a plug-in for working with an electronic signature must be installed (you can download it //here)
Automatic updating of InternetExplorer must be turned off, otherwise the settings will go astray. You can turn it off in the Help menu => About => uncheck Install new versions automatically.
ActiveX settings must be enabled on your computer, this can be done in the Start menu => type Internet Options in the search bar and select this item => in the window that opens, select the Security tab => click on the Trusted sites (sites) zone so that it is highlighted => then click the Other button (find the list of ActiveX Controls and Plugins and set the option for each to Enable).
We go to the site where an electronic signature is required for work, and add this page to Trusted sites / sites through Browser Options, the Security tab, highlighting the Trusted sites / sites zone and clicking the Sites / sites button. The Add button should be active, you need to click on it, on the checkbox: For all sites in this zone, server verification is required (https:), you must uncheck it. If the Add button is grayed out (inactive), then the page has already been added to the list of websites and you do not need to add it again. Close the properties. Refresh the page in the browser with the F5 key. If messages about add-ons appear at the bottom or top of the browser, then you need to allow them to run.
Can't login to the site (certificate not matched/authorized)?
Review question 3, if the problems are not related to the settings, then when you enter the site you will receive a message: The client certificate is not associated with the system user (or the selected electronic signature is not authorized).
Perhaps you have not passed accreditation on the site, if so, then see // instructions for accreditation on the electronic site. If accreditation is nevertheless passed, but you received a new signature, for example, due to the fact that the old signature has expired, then you need to link it to your personal account, for this you need to fill out an application for adding a new user on the site and attach it to the application the following documents:
For legal entities: either a decision to appoint a head, if the signature is for the head of the organization, or a power of attorney for an employee of the organization, if the signature is made for the employee (in this case, an archive is attached to the site with a decision on the appointment of a head and a power of attorney from the head to the employee). For commercial sites, a copy of the TIN of the organization may additionally be required.
For individual entrepreneurs / individuals: passport, TIN.
Examples of the page for adding members on popular sites:
Sberbank-AST (in the section For Participants => Registration => Adding a new user) http://www.sberbank-ast.ru/freeregister.aspx
ZakazRF (in the section Registration => Registration of a new user of the organization) http://web.zakazrf.ru/Participant/RegistrationUser
MICEX (in the section For Participants => Registration of a power of attorney) https://app.rts-tender.ru/supplier/lk/Accreditation/EmployeeRequest.aspx
RTS-Tender (button Login => Accreditation => Submit a request to add a new user) https://app.rts-tender.ru/supplier/lk/Accreditation/EmployeeRequest.aspx
Roseltorg - on this site, you must first log in with a login and password or with an old still valid electronic signature, information with the name of the organization and the username with icons will appear at the top right. You must click on the pencil next to the username, a menu with buttons will appear, among which you need to find the button: Link a new EDS.
B2b-center - you need to go to your personal account (using your login and password or the old valid signature). Select in your personal account Information about the organization => My electronic signatures => Upload a certificate through the tab => Registration of certificates. You must check the checkbox: The certificate is already installed on the computer.
Fabrikant - you need to go to your personal account (using your login and password or the old valid signature). Select the Certificates line in your personal account. Upload the certificate through the Upload new ES tab.
What is the password for the container of my signature?
When using an electronic signature for the first time, a window pops up: Enter the password for the container
The default password is 12345678.
The password for the container can be changed. If you have a ruToken carrier, then you need to install // Rutoken control panel. After starting the program, enter the administrator's PIN in the Administration tab (by default, the administrator's PIN is 87654321). Next, click the Unlock => Change button, select a user and set a password.
If you have an eToken carrier, then you need to install // the eToken driver in accordance with the bitness of the Windows system (you can see the bitness of the system by right-clicking on the computer icon and selecting Properties: 32 or 64 bit Windows system). Launch eTokenProperties, click on Detail View (gear icon on the top right). Select the name of the eToken from the list on the left (the name will be highlighted before the eTokenPKIClient Settings line). In the window that appears on the right, you must click on the icon: Change password (in the form of a pencil and keyboard).
How to register on the GIS-housing and communal services?
The GIS housing and communal services service authorizes organizations through the public services portal. Therefore, all accounts must be created on the gosuslugi.ru website. First you need to register the head as an individual. The created account is activated using an electronic signature issued to the organization. After activating an individual, you can add an organization. Confirmation is carried out using the same EDS. If necessary, you can add employees of the organization (they must also have an individual account on the gosuslugi.ru website, confirmed by the same electronic signature). After that, the head of the organization needs to log into the personal account using the EDS and, having selected the role of the organization, add an employee from the account of the legal entity. In the personal account of the organization, the manager can assign administrator rights.
How to understand what type of signature is needed to work on a particular site?
Tell the consultant the exact name of the site (electronic address of the site) for which you need an electronic signature.
How long does it take to produce an EDS?
An electronic signature is made within 1 business day after payment is received and a minimum package of documents (copies of a passport and SNILS) is provided.
Is it possible to update the electronic signature remotely without visiting the center for issuing electronic signatures?
Issuing and re-issuing an electronic signature remotely is not possible. This is contrary to the safety requirements established by the current legislation of the Russian Federation. To obtain an electronic signature, it is necessary to verify the identity of the recipient in //any ES issuing center.
How to sign a document using an EDS?
Word documents can be signed with an electronic signature in the following cases:
1. If the document was created in Microsoft Office 2003/2007, then no additional software is required.
2. If the document was created in Microsoft Office 2010/2013, then you will need to install additionally the CryptoARM program - this is a program that meets the requirements of Russian law in terms of ensuring a legally significant status. After signing the document, a file with the .sig extension is created, which unambiguously confirms the fact of signing the document.
What is a certificate chain?
The chain of certificates is used to confirm the authenticity of the ES certificate. The chain includes certificates of the parent certification authority, intermediate certification authorities (including the CA that issued the user's ES certificate) and the user's certificate. If the certificate chain is built incorrectly (in the certificate properties window on the Certification Path tab, the certificates of the main and intermediate certification authorities are missing or marked with a cross), then the end user certificate is considered untrusted and cannot be used.
What is Capicom / Cadescom?
Capicom and Cadescom are extension programs for Internet Explorer. They are necessary to work with the electronic signature in the browser. CryptoPro EDS BrowserPlug-in includes both of these extensions.
How to add a site to trusted nodes (sites)?
In order to add the site of an electronic site to trusted sites in a browser, go to the site of the site through the Internet Explorer browser and open "Internet Options". On the Security tab, click on the Trusted Sites zone and click the Sites button. Uncheck "All sites in this zone require server verification (https:)". Click the "Add" button, then close the "Trusted Sites" and "Internet Options" windows and refresh the browser page by pressing Ctrl + F5.
How to enable ActiveX settings?
Go to the site site through the Internet Explorer browser and open the browser properties. On the Security tab, click the Trusted Sites zone (Trusted Sites in Internet Explorer 8) and click the Custom button. In the list of options, find the "ActiveX controls and plug-ins" section. For all options in this section, select Enable. Click "OK", confirm the request to save the settings. Close the Internet Options window and refresh the page by pressing Ctrl + F5.
Is CryptoPro CSP a free program?
CryptoProCSP is a paid product. The free trial period of the product is three months from the date of the first installation. After this period, to continue working with the program, you must purchase a license.
What to do if the license for CryptoPro CSP has expired?
When the CryptoPro CSP license expires, you must purchase a new license. As a rule, the license expires together with the validity of the electronic signature, so you may encounter such a situation very rarely. However, if you encounter a problem, then you have three types of CryptoProCSP licenses to choose from:
- Annual, the license is valid for 1 year.
- Perpetual, permanent.
- Embedded in the ES, it is valid during the entire validity period of the ES and cannot be used separately from it.
How to enter the serial number of the CryptoPro CSP license?
To enter the CryptoProCSP license serial number, run the program. On the General tab, click the Enter License button. Enter the license number in the "Serial number" field.
What should I do if I cannot enter the CryptoPro CSP license serial number?
If you are unable to enter the serial number of the CryptoProCSP license, then your serial number does not match the version of the installed program. The serial number of the CryptoProCSP license must match the product version. For version 3.9, the serial number must start with 3939, for version 4.0 - with 4040. You must install the version of CryptoProCSP for which your license number matches.
How to remove CryptoPro CSP?
Uninstalling CryptoProCSP takes place in two stages. First, uninstall the program using standard tools, through the "Control Panel", then run the cspclean.exe utility. After the utility completes, you must restart your computer.
How to update CryptoPro CSP?
To install a newer version of CryptoProCSP, run the installer and confirm the update request. You do not need to uninstall the currently installed version of the product.
How to copy an electronic signature?
To copy an ES, launch CryptoProCSP, go to the "Service" tab and click the "Copy" button. By clicking "Browse", select the signature you want to copy. Click OK, then Next. Enter a name for the container to be created. It must differ from the original container name by at least one character. Click Done. Select "Registry" from the media list and click "OK". You can set a password for the new container or leave the password fields blank.
In what cases is it necessary to reissue an electronic signature?
An unscheduled reissue is carried out in cases where the data that is in the signature changes. For legal entities, such data are: the abbreviated name of the legal entity, legal address, TIN / KPP / OGRN, user's full name, position, SNILS and email. For Individual Entrepreneurs: full name, TIN/OGRNIP, registration address, SNILS, email. For Individuals: full name, TIN, registration address, SNILS, email. If the data has changed, the signature can still be used, but it loses its legal force, so you may be rejected in electronic auctions with such a signature.
How to reissue a signature?
The procedure for re-issuing (renewal) of an electronic signature is the same as for the initial production of an electronic signature. You need to re-submit copies of documents and, upon receipt of a signature, verify your identity in our office.
CryptoPro CSP license expired / can't enter license?
CryptoPro CSP is a paid product and requires the purchase of a license. After receiving the electronic signature, you will be given a set of documents with the SCPEP revocation card, which indicates the type of license and serial number, if it was purchased.
The license is:
The built-in license is recognized by CryptoPro CSP versions 3.9 R4 and all versions 4.0.
The serial number of the annual or permanent license must be entered if this has not already been done.
The serial number must match the product version. The product version can be viewed in the CryptoPro CSP program on the “General” tab at the top right (4040Х-ХХХХХ-ХХХХХ-ХХХХХ-ХХХХХ for CryptoPro CSP 4.0 version and 3939Х-ХХХХХ-ХХХХХ-ХХХХХ-ХХХХХ for CryptoPro CSP 3.9).
