Cryptopro browser plug in does not work. Configuring trusted nodes for CryptoPro EDS Browser plug-in
Cryptographic operations, such as creating an electronic signature or decrypting a file, require access to keys and personal data of the user (for example, to a personal certificate store). When performing such operations by web applications (using the CryptoPro EDS Browser plug-in), the plug-in requests the user’s permission to access his keys or personal data.
The user's permission will be requested when activating CryptoPro EDS Browser plug-in objects.
Trusted Web sites (for example, those located on your organization's intranet) can be added to the list of trusted Web sites. Sites on the Trusted Sites list will not prompt the user for confirmation when opening the certificate store or performing operations on the user's private key.
Managing a list of trusted websites on Windows platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in, the user must run Start -> Crypto-Pro -> Digital signature settings Browser plug-in. This page is part of the CryptoPro EDS Browser plug-in distribution kit.
A computer or domain administrator can also manage the list of trusted websites for all users through Group Policy. Configuration is carried out in the Group Policy console in the section Computer configuration/User configuration -> Administrative templates -> Crypto-Pro -> CryptoPro EDS Browser plug-in. The following policies are available to the administrator: List of trusted nodes. Defines the addresses of trusted nodes. Websites specified through this policy are considered trusted in addition to those that the user adds independently through the CryptoPro EDS Browser plug-in settings page.
The page is saved for a specific user
HKEY_USERS\
The policy is saved in the appropriate section for policies:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Crypto-Pro\CadesPlugin\TrustedSites
Managing a list of trusted websites on Unix platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in on Unix platforms, use the page /etc/opt/cprocsp/trusted_sites.html, which is part of the CryptoPro EDS Browser plug-in distribution.
You can also use the command to view a list of trusted websites:
/opt/cprocsp/sbin/
To add websites (for example, http://mytrustedsite and http://myothertrustedsite) to the trusted list, you can use the command:
/opt/cprocsp/sbin/
To clear the list of trusted websites, you can use the command:
/opt/cprocsp/sbin/
Adding sites to the list of trusted sites for all users is available using the command
/opt/cprocsp/sbin/
CryptoPro EDS browser plug-in (aka CryptoPro CADESCOM or Kadescom) is a plug-in required for creating and verifying an electronic signature on web pages using CryptoPro CSP. Used to work on trading platforms and portals. The distribution is available on the CryptoPro website in the Products / CryptoPro EDS Browser plug-in section http://www.cryptopro.ru/products/cades/plugin/get_2_0.
System requirements
- The plugin can be installed on the following operating systems: Win XP SP3, Win Vista SP2, Win 2003 SP2, Win 2008 SP2, Win 7, Win 2008 R2, Win 8, Win8.1, Win10.
- Works with browsers: IE 8 - 11, Opera, Mozilla Firefox, Google Chrome, Yandex Browser
Does not work in the Edge browser, which is preinstalled in Windows 10.
- Requires pre-installed CryptoPro CSP version no lower than 3.6 R2
Features of some browsers for configuring the plugin
- in Mozilla Firefox 29 and higher: you must enable the plugin (the browser may not ask for permission to enable the plugin). To do this, go through diagnostics and perform a fix "Enabling plugins in Mozilla Firefox", after which it is necessary restart Firefox. You can also do this manually: press Ctrl+Shift+A, go to the “Plugins” section, select CryptoPro CAdES NPAPI Browser Plug-in and switch it to the “Always active” state, after which you must restart Firefox .
- in Google Chrome you need to follow the link and install the extension.
- In Yandex Browser and Opera you need to install the extension available at this link
- In Internet Explorer you need to make the following settings:
- Add the address of the site where you work with the plugin to trusted sites (Browser options / security / trusted sites / sites / add site address).
- If you are working in Internet Explorer 11, then try working in compatibility mode.
- Check that the site address is added to the plugin’s trusted nodes (most sites that accept our CA certificates can be added automatically using the diagnostics https://help.kontur.ru/uc). To check that the site has been added to the trusted nodes of the plug-in, you need to go to Start - All programs - CRYPTO-PRO - Settings CryptoPro EDS Browser plug-in. A browser window will open in which you will need to allow to unblock all page contents/allow access.
The rules for installing the CryptoPro CSP plugin in Mozilla Firefox differ depending on the browser version - 52 and higher, or an older one.
Mozilla Firefox versions below 52
To sign documents in Mozilla Firefox:
- Turn off automatic updates. To do this, go to “Menu” ⇒ “Settings” ⇒ “Additional” ⇒ “Updates” (Fig. 1).
- Install version 51.0.1 from the official Mozilla Firefox website.
To install CryptoPro Browser plug-in, you must follow these steps:
- Download the installation program from the official website of the Crypto-Pro company www.cryptopro.ru/products/cades/plugin and run the executable file.
2. In the installation window for CryptoPro Browser plug-in, click the “Yes” button (Fig. 2-a).
Rice. 2-a. Installing CryptoPro Browser plug-in 3. Wait for the installation to complete (Fig. 2-b).
Rice. 2-b. Installing CryptoPro Browser plug-in 4. Click the “Ok” button and restart the Internet browser (Fig. 2-c).
Rice. 2-in. Installing CryptoPro Browser plug-in Important
After installing CryptoProBrowser plug- inyou need to check whether the add-on for working with the electronic signature CryptoPro EDS Browser plug-in for browsers is installed in your browser.
5. Open the browser, click the “Browser Menu” button, select the “Add-ons” section (Fig. 3).
Rice. 3. Browser menu 6. Open the "Plugins" tab. Opposite the “CryptoPro CAdES NPAPI Browser Plug-in” plug-in, select the “Always enable” option in the drop-down menu (Fig. 4).
Rice. 4. Add-on management 7. Restart your browser.
Mozilla Firefox version 52 and higher
To install CryptoPro Browser plug-in, follow these steps:
- Follow the link www.cryptopro.ru/products/cades/plugin, then select “browser extension” (Fig. 5).
Rice. 5. CryptoPro website
2. Click “Allow” (Fig. 6).
Rice. 6. Request resolution
3. Click “Add” (Fig. 7).
Hello, dear friends! I will tell you what to do if the State Services website (the method is also relevant for other services) suddenly stops working. Firefox recently updated to version 52, which does not support some plugins. Let's figure out what happened and how to deal with it.
Install the program, the required one will appear in the list of plugins - Crypto Interface Plugin, which is required to work with the State Services website.
Thus, if you have problems with the operation of any services in Firefox, check the current version of the browser. Please remember that installing Firefox ESP with legacy plugin support is a temporary solution. In the future, you will still have to look for another option, since Mozilla guarantees support for Firefox ESP until the end of 2017. I don't recommend using an outdated version because you expose your computer to the risk of infection.
In the next video I will talk about automatically opening pages in different browsers. This feature is useful in a situation where you need to use multiple browsers for the service to work correctly.
Anton Sevostyanov
System Administrator,