Operator-CRPT, LLC
6 Mira Avenue, Moscow, Russia, 129090
[email protected], www.crpt.ru
tel. 8 (499) 350-85-59
SOFTWARE INSTALLATION AND SETUP MANUAL FOR OPERATION WITH ELECTRONIC SIGNATURE IN TT GIS PORTAL
2020
Table of Contents
List of Abbreviations
System requirements
  Requirements to cryptographic software
    When using RUTOKEN EDS 2.0 with built-in crypto providers
    When using carriers without a built-in crypto provider
Setting up for operation with Rutoken EDS 2.0 carrier
  Installing Rutoken Drivers for Windows kit
  Installing Rutoken Plugin
Setting up desktop for operation without a built-in crypto provider
  Installing Crypto Provider
    CryptoPro CSP
    ViPNet CSP
  Installation of CryptoPro CAdES Browser plug-in
  Building a chain of trust to personal certificate
    Installing the root certificate of MinComSvyaz of Russia to the store “Trusted root authorities”
    Installing the certificate of the Certification Authority to the Intermediate Certification Authorities Certificate Store
    Installing the certificate to Personal store
Technical support
List of Abbreviations
• TT GIS: Track and trace information system for goods marking and turnover.
• CIP: Program (service) allowing for document coding and decoding and responsible for operation with electronic signature. CIP can be built in the carrier or provided as a separate software product.
• QESVKC: Qualified electronic signature verification key certificate complying with requirements established by FZ-63 and other rules and regulations and created by the accredited Certification Authority or the Federal Executive Authority in the sphere of use of electronic signature.
• QES: Qualified electronic signature is a unique sequence of symbols intended to create electronic signature.
• CA: Legal entity, individual entrepreneur or state authority or local government body performing functions of creation and issue of electronic signature verification keys.
System requirements
• OPERATING SYSTEM: Windows 7 and later, Mac OS X 10.8 and later
• BROWSER: Google Chrome 70, Mozilla Firefox 60, Internet Explorer 11, Safari 12
Requirements to cryptographic software
When using RUTOKEN EDS 2.0 with built-in crypto providers:
• Rutoken drivers
• Rutoken plugin
When using carriers without a built-in crypto provider:
• Crypto provider supporting signature generation and verification as per GOST R 34.10-2012 (CryptoPro CSP, ViPNet CSP, etc.)
• CryptoPro CAdES Browser Plug-in
• Built chain of trust to user personal certificate
Setting up for operation with Rutoken EDS 2.0 carrier
Installing Rutoken Drivers for Windows kit
Install the driver kit to enable operation with Rutoken drivers. For the updated version, go to the manufacturer’s website.
To install the driver kit:
1. Run the Windows driver kit installation wizard and click [Install].
2. In the window requesting permission to make changes to the computer, click [Yes]. The driver kit installation process will start.
3. When the installation process is complete, click [Close].
Installing Rutoken Plugin
For the updated version of the plugin, go to the website.
The Rutoken Plugin installation wizard cannot add the Adapter Rutoken Plugin extension automatically in Firefox 74 and later. Install the Adapter Rutoken Plugin extension from the official Mozilla Add-ons.
1. Run the Rutoken Plugin installer. The Rutoken Plugin window will open.
2. In the next step of installation, select the installation area for Rutoken Plugin: for the current user or for all users of the computer (available for users who have administrator rights). Click [Next].
3. To run the installation process, click [Install].
4. When the installation process is complete, click [Ready].
5. Connect the Rutoken device to the computer.
Your working place setup has been completed.
Setting up desktop for operation without a built-in crypto provider
Installing Crypto Provider
CryptoPro CSP
Complete the registration procedure and download the CryptoPro CSP distribution package from the developer’s official website.
Attention! The CryptoPro CSP CIP distribution package shall be installed by a user who has administrator rights.
When installing CryptoPro CSP, follow the installation wizard instructions.
Restart the computer after the installation is complete.
ViPNet CSP
Complete the registration procedure and download the ViPNet CSP distribution package from the developer’s official website. To install ViPNet CSP, you need to have administrator rights in the operating system.
To install ViPNet CSP, proceed as follows:
1. Run the installation file.
2. Read the license agreement conditions on the License agreement page of the ViPNet CSP installation wizard. Check the box if you accept it. Then click Continue.
3. To make the computer restart automatically after the installation is complete, check the “Restart the computer automatically when complete” box on the Installation type page.
4. If you want to set up the installation parameters, click the Setup button on the Installation type page and specify the necessary:
• Program components you want to install;
• Installation path to a folder on your computer;
• User name and organization name;
• Name of the program folder in the Start menu.
You can select or deselect the following components to be installed:
• ViPNet CSP control panel — if you disable this component, only the crypto provider libraries will be installed without the ViPNet CSP executable file. This type of installation is useful for developers.
• Support of ViPNet CSP operation through Microsoft CryptoAPI — adds functions allowing the use of the ViPNet CSP crypto provider in third party applications, e.g. in Microsoft Office. The component is enabled by default for a separate installation of ViPNet CSP.
• Support of TLS/SSL protocol — adds functions allowing you to set up a secured connection via TLS protocol. When installing ViPNet CSP on a computer that runs Windows 10, this component is disabled by default.
• Support of connection to ViPNet HSM — adds functions allowing you to set up a connection to a ViPNet HSM server and work with keys stored on this server.
5. To start the installation, click the Install now button.
6. If you checked the “Restart the computer automatically when complete” box on the Installation type page, the computer will restart automatically after the end of installation. Otherwise, the program will ask you to restart the computer once the installation is complete. Click the Yes button in the restart message box.
The selected components will be installed as a result. Also, a recovery point of all system files and parameters will be created during the installation.
Installation of CryptoPro CAdES Browser plug-in
A browser extension alone is not enough for correct functioning of web pages using CryptoPro CAdES Browser plug-in. First, you need to download the installation file and install it following this Manual.
For the distribution package and its installation manual, go to link
1. Download the installation program. For CryptoPro CAdES Browser plug-in, go to link
2. Run the cadesplugin.exe file.
3. Confirm the installation of CryptoPro CAdES Browser plug-in.
4. If required, allow CryptoPro CAdES Browser plug-in to make changes by clicking the Yes button.
5. Wait until the end of installation of CryptoPro CAdES Browser plug-in.
6. Confirm the installation of CryptoPro CAdES Browser plug-in.
7. Further settings vary depending on the browser you use.
• Chrome: Run the Chrome browser and wait for the notification on the installed extension (“CryptoPro Extension for CAdES Browser Plug-in” message) to appear. Enable this extension. If you previously installed CryptoPro CAdES Browser plug-in on your computer and then deleted it, you will need to install the extension separately. For this purpose, go to link and install the extension from Chrome Web Store.
• Opera or Yandex.Browser: For the extension, go to link.
• Firefox: Download the extension from the link and install it in your browser.
• Microsoft Internet Explorer: no additional settings are required.
8. Check if the installation is correct on the plug-in check page. Confirm the access by clicking the Yes button in the pop-up window.
If the installation of CryptoPro CAdES Browser plug-in was successful, a window will pop up showing that “Plug-in is downloaded”, with indication of its version and the version of CryptoPro CAdES Browser plug-in that you use.
Building a chain of trust to personal certificate
You need to install the electronic signature verification key certificates:
• Root certificate of Mincomsvyaz of Russia - to the certificate store “Trusted Root Certification Authorities”.
• Certificate of the Certification Authority that issued the ES - to the certificate store “Intermediate Certification Authorities”.
• The certificate issued to a legal entity or an individual entrepreneur by the certification authority accredited in compliance with requirements of the Federal law No. FZ-63 – to the certificate store “Personal”.
In the Start menu select Control panel - Browser properties - Contents - Certificates. Go to the Personal tab.
Select the installed certificate by double clicking on it. Go to the Certification path tab.
In the Certification path tab you should see the chain of certificates used to establish trust. The Certificate status field should display a certificate validity message.
If the Certificate Info in the General tab displays “This certificate cannot be verified up to a trusted certification authority”, you need to install the root certificate of the Ministry of Communications and the certificate of the Certification Authority that issued your electronic signature.
The certificate of the Ministry of Communications shall be stored in the certificate store “Trusted Root Certification Authorities”.
The certificate of the Certification Authority that issued the QESVKC shall be stored in the certificate store “Intermediate Certification Authorities”.
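The Certification path check described above can also be run from PowerShell. This is an added example, not part of the original manual: the function names are hypothetical, revocation checking is switched off so that only the local stores are consulted, and it assumes the crypto provider is already installed so that Windows can validate the certificate signatures.

```powershell
# Added example (not from the manual). Function names are hypothetical.
$ErrorActionPreference = 'Stop'

# Cert: provider store names and the names shown in the Windows certificate dialog.
$storeNames = [ordered]@{
    My   = 'Personal'
    CA   = 'Intermediate Certification Authorities'
    Root = 'Trusted Root Certification Authorities'
}

function Get-CertificateStoreName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # Look the thumbprint up in the three stores this manual uses.
    $found = foreach ($name in $storeNames.Keys) {
        if (Test-Path -LiteralPath "Cert:\CurrentUser\$name\$($Certificate.Thumbprint)") {
            $storeNames[$name]
        }
    }
    if ($found) { $found -join ', ' } else { 'not installed in any store' }
}

function Test-CertificateChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: revocation checking is off, so the result depends only on local stores.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Certificate)
    # Chain elements run from the personal certificate up to the root.
    $path = foreach ($element in $chain.ChainElements) {
        $problems = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        [pscustomobject]@{
            Subject = $element.Certificate.Subject
            Store   = Get-CertificateStoreName $element.Certificate
            Status  = $(if ($problems) { $problems } else { 'OK' })
        }
    }
    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Trusted       = $trusted
        HasPrivateKey = $Certificate.HasPrivateKey
        Path          = @($path)
    }
}

# Check every certificate in the current user's Personal store.
foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
    $result = Test-CertificateChain $cert
    '{0}  trusted={1}  private key={2}' -f $result.Subject, $result.Trusted, $result.HasPrivateKey
    $result.Path | Format-Table -AutoSize -Wrap
}
```

A chain that stops before a certificate in “Trusted Root Certification Authorities”, or an element reported as not installed, corresponds to the “cannot be verified up to a trusted certification authority” message in the General tab.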
Installing the root certificate of MinComSvyaz of Russia to the store “Trusted root authorities”
To install the certificate, go to link and open the downloaded certificate.
1. Click Install certificate.
2. In the opened window of the certificate import wizard, click Next.
3. Choose the option “Place all certificates in the following store”, then click Browse...
4. Specify the “Trusted Root Certification Authorities”, then click OK.
5. Click Next.
6. When finished with the certificate import wizard, click Ready.
7. Confirm the installation of the certificate by clicking Yes.
8. The certificate installation is complete, click OK.
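A certificate placed in the Trusted Root store is trusted for everything it signs, so its thumbprint should be compared with a value obtained from the issuer through a separate channel before it is imported. The following is an added example, not part of the original manual: the function name, the file path and the thumbprint placeholder are hypothetical, and Import-Certificate is the cmdlet from the standard Windows PKI module.

```powershell
# Added example (not from the manual). Function name, path and thumbprint are placeholders.
$ErrorActionPreference = 'Stop'

function Install-VerifiedRootCertificate {
    param(
        [Parameter(Mandatory)][string]$Path,                # downloaded .cer file
        [Parameter(Mandatory)][string]$ExpectedThumbprint,  # SHA-1 thumbprint obtained out of band
        [string]$Store = 'Cert:\CurrentUser\Root'           # Trusted Root Certification Authorities
    )
    $fullPath = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

    # Normalise the expected value: drop spaces and separators copied from a web page or dialog.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($expected.Length -ne 40) {
        throw 'Expected thumbprint must contain 40 hexadecimal digits.'
    }
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected. Not installing."
    }
    # Heuristic check that the file really is a root: subject and issuer must be the same name.
    if ($cert.Subject -ne $cert.Issuer) {
        throw "Certificate is not self-issued (issuer: $($cert.Issuer)); it does not belong in the root store."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate expired on $($cert.NotAfter)."
    }
    Import-Certificate -FilePath $fullPath -CertStoreLocation $Store
}

# Usage with placeholder values; replace both before running:
# Install-VerifiedRootCertificate -Path 'C:\Temp\root-ca.cer' -ExpectedThumbprint '<THUMBPRINT-FROM-ISSUER>'
```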
Installing the certificate of the Certification Authority to the Intermediate Certification Authorities Certificate Store
Install the certificate of the Certification Authority that issued your electronic signature to the Intermediate Certification Authorities store in the same way as for installation of the root certificate of MinComSvyaz of Russia. Go to the CA website to get the certificate.
Installing the certificate to Personal store
CryptoPro CSP crypto provider
To view the certificate stored in the private key container, open the CIP Control panel of CryptoPro CSP and go to the Service tab.
Click the View certificates in the container button. The Certificates in the private key container window will open.
In this form you need to fill in the Name of key container. You can enter it manually or find it in the list of containers (Browse button) or certificates (By certificate button). If the container has a certificate, a “Certificate to view” window will open. In the “Certificates in the private key container” window click the Install button.
ViPNet CSP crypto provider
In order to use the certificate in different applications, you should install it in one of the following certificate stores of the Windows operating system:
• Current User store, Personal > Certificates – install the certificate into this store if you want to code, decode, create and verify the electronic signature of files, and for access to secured resources through the web browser.
• Local Machine store, Personal > Certificates – install the certificate into this store if you use ViPNet CSP on a web server to arrange access to the secured resources. The Local Machine store is also recommended for certificates that will be used by services of this machine.
To install the certificate to the system store from the key container, proceed as follows:
1. In the ViPNet CSP window, under Key Container, select the key container from which you need to install the certificate.
2. Click Properties or double click the required key container.
3. If you want to install the certificate to the current user key store, proceed as follows:
• In the Key Container Properties window, click Open.
• In the Certificate window, on the General tab, click Install Certificate. The certificate import wizard will start.
• Click Next on the welcome page of the certificate import wizard.
• On the Certificate Store page select “Place all certificates in the following store”, then click Browse.
• In the Certificate Store selection window, select Personal.
• Click Ready on the Certificate Import Wizard Finish page.
Your working place setup has been completed.
Technical support
If you have any unsolved issues, please do not hesitate to contact us:
+7 800 222-15-23
Or you can ask your question at https://честныйзнак.рф