How to install a root certificate. Internet explorer does not see the certificate

ATTENTION:

The article is outdated. To work with the Statistics of the Republic of Kazakhstan portal, a certificate installed in the browser is no longer required; the certificate is selected through the program.

To send a statistical report to the Statistics Committee of the Republic of Kazakhstan electronically, you need to install an electronic digital signature certificate in the certificate store of Windows (Internet Explorer) or the browser itself (Mozilla Firefox).

This method of installing a key is suitable for all browsers except Mozilla Firefox, which uses its own certificate store; the procedure for installing a digital signature key for this browser is described in this article -.

At the moment, the portal of the Committee of Statistics of the Republic of Kazakhstan requires manual installation of the certificate.

To enter the portal, you need to install the first file of the digital signature issued to you - install the AUTH_RSA file.

The second file, RSA or GOST (IP or LLP), is used at the time of sending to sign the finished electronic report for the Statistics Committee of the Republic of Kazakhstan.

The default password for the digital signature key received at the Public Service Center is 123456

The example is shown on Windows 10 x64.

Video lesson: Statistics of the Republic of Kazakhstan: Installing an EDS certificate in the Internet Explorer browser

From the author:

If the problem is solved, one of the ways to say “Thank you” to the author is indicated -.

If the problem could not be resolved or additional questions arise, you can ask them on ours, in our group.

Or, use our “” service and entrust the problem to a specialist.

When you try to access the WebMoney website (as well as any other online service), you may receive a message that a problem has been detected with the security certificate for this web site. To correct the situation and use the site’s services safely and unhindered, you need to install a root certificate. Let's look at this process using the example of logging into Webmoney through the Internet Explorer browser.

How to install a root certificate?

First of all, you need to download the missing file itself. For Webmoney it is located and distributed free of charge. It is important to obtain such files only from official sites or reliable sources in order to avoid infection by virus programs and protect yourself from intruders. After the certificate is saved on the connected media:

• open Internet Explorer settings;
• find the item “Internet Options”;
• move to the “Contents” tab;
• Click on the “Certificates” panel;
• go to “Trusted Root Certification Authorities”;
• click on the “Import...” button;
• The “Wizards..” window will open to select settings;
• click on the “Next” button;
• Click “Browse” and indicate the location of the saved certificate;
• Click “Open” and “Next”;
• Confirm the end of the procedure with the “Finish” button.

Errors in installing the root certificate

For the root certificate to be installed correctly, the "default" certificate store must match the location where you place the file. In the case where the certificate was imported from another department of the repository, you need to click on “Browse...” and specify “Trusted Root Certification Authorities” as the repository (as shown in the image). The installed certificate can be easily viewed and verified through the browser tab “Certificates” -> “Trusted Root Certification Authorities”. The file must expire on March 10, 2035.

How to check if the installed certificate is working? Restart your browser and go to the Webmoney Certification Center page. The security notice should disappear. Installing root certificates for other sites and browsers is done in exactly the same way, with minimal differences in the interface of the programs used.

Installation is very simple, first, left-click on the link, a sign will appear below:

Click "Open", after which the following window will appear:

The window describes the root certificate and to whom it was issued, make sure it matches the image and click “Install certificate”. The certificate installation program "Certificate Import Wizard" will start.

Click "Next" and move on to the next step.

In the window, put a circle next to “Place all certificates in the following location”, click on “browse”.

Select the “Trusted Root Certification Authorities” certificate store, as shown in the picture above, click “Ok” and get the following window:

Click "Next".

We make sure that everything is the same as in the picture and click “Done”.

Click “Ok”, congratulations, the certificate is installed, now you can open it.

A padlock will appear next to the site's address bar; by clicking on it, you can view the security report.

P.S. : Unfortunately, the Internet Explorer browser is not the best browser for surfing Internet pages, the fault is the reluctance to bring the browser to uniform standards or a belated reaction to new standards. The latest versions have seen dramatic changes, which is a big plus, but there are still points that can negate the work of web developers. I recommend changing Internet Explorer to something more convenient, fast and secure. Which browser should you choose? It's only your choice! Each has its own sweet color). And there is plenty to choose from - Opera, Google Chrome, Mozilla Firefox, Maxthon 3, SeaMonkey, and this is not the entire list of popular, well-functioning browsers.

Good day!

I think that almost every user (especially recently) has encountered an error in the browser stating that the certificate of such and such a site is not trusted, and a recommendation not to visit it.

On the one hand, this is good (after all, the browser, and in general the popularization of such certificates, ensures our security), but on the other hand, such an error sometimes pops up even on very well-known sites (for example, Google).

The essence of what is happening, and what does it mean?

The fact is that when you connect to a site on which the SSL protocol is installed, the server transmits a digital document to the browser ( certificate) that the site is genuine (and not a fake or a clone of something there...). By the way, if everything is fine with such a site, then browsers mark them with a “green” padlock: the screenshot below shows how it looks in Chrome.

However, certificates can be issued by well-known organizations (Symantec, Rapidssl, Comodo, etc.) , and anyone in general. Of course, if the browser and your system “do not know” who issued the certificate (or there is a suspicion that it is correct), then a similar error appears.

Those. I am leading to the fact that both completely white sites and those that are really dangerous to visit can fall under the distribution. Therefore, the appearance of such an error is a reason to take a close look at the site address.

Well, in this article I want to point out several ways to eliminate such an error if it began to appear even on white and well-known sites (for example, on Google, Yandex, VK and many others. You won’t refuse to visit them, will you?).

How to resolve the error

1) Pay attention to the site address

The first thing to do is just pay attention to the site address (it is possible that you typed the wrong URL by mistake). Also, sometimes this happens due to the fault of the server on which the site is located (perhaps, in general, the certificate itself is simply outdated, because it is issued for a certain time). Try visiting other sites, if everything is OK with them, then most likely the problem is not with your system, but with that particular site.

Example of the error "The site's security certificate is not trusted"

However, I note that if the error appears on a very well-known site that you (and many other users) completely trust, then there is a high probability of a problem in your system...

2) Check the date and time set in Windows

The second point is that a similar error can pop up if the time or date is set incorrectly in your system. To correct and clarify them, just click on “time” in the Windows taskbar (in the lower right corner of the screen). See screenshot below.

After setting the correct time, restart your computer and try to reopen the browser and sites in it. The error should disappear.

I also draw your attention to the fact that if your time is constantly lost, the battery on your motherboard is probably dead. It is a small “tablet”, thanks to which the computer remembers the settings you entered, even if you disconnect it from the network (for example, are the same date and time somehow calculated?).

3) Try updating your root certificates

Another option to try to solve this problem is to install a root certificate update. Updates can be downloaded from the Microsoft website for different operating systems. For client operating systems (i.e., for ordinary home users), these updates are suitable:

4) Installing “trusted” certificates in the system

Although this method works, I would like to warn you that it “may” become a source of problems in the security of your system. At least, I advise you to resort to this only for such large sites as Google, Yandex, etc.

To get rid of the error associated with the unreliability of the certificate, a specialist should be used. plastic bag GeoTrust Primary Certification Authority .

By the way, to download GeoTrust Primary Certification Authority:

Now you need to install the downloaded certificate into the system. I’ll tell you step by step how this is done below:

5) Pay attention to antivirus utilities

In some cases, this error may occur due to the fact that some program (for example, an antivirus) scans https traffic. This is what the browser sees that the incoming certificate does not match the address it came from, and as a result a warning/error appears...

Therefore, if you have an antivirus/firewall installed, check and temporarily disable the https traffic scanning setting (see example of AVAST settings in the screenshot below).

That's all I have...

For additions on the topic - a special merci!

All the best!

We are often asked the question: how to install a certificate via CryptoPpo CSP. There are different situations: the director or chief accountant has changed, they have received a new certificate from a certification center, etc. Everything worked before, but now it doesn't. We tell you what you need to do to install a personal digital certificate on your computer.

You can install a personal certificate in two ways:

1. Through the CryptoPro CSP menu “View certificates in container”

2. Through the CryptoPro CSP menu “Install personal certificate”

If your workplace uses the Windows 7 operating system without SP1, then install the certificate according to the recommendations of option No. 2.

Option No. 1. Install through the “View certificates in container” menu

To install a certificate:

1. Select Start -> Control Panel -> CryptoPro CSP -> Tools tab and click the “View certificates in the container” button.

2. In the window that opens, click on the “Browse” button. Select a container and confirm your choice with the OK button.

If the message “There is no public encryption key in the private key container” appears, proceed to installing the digital certificate using option #2.

4. If the version of “CryptoPro CSP” 3.6 R2 (product version 3.6.6497) or higher is installed on your computer, then in the window that opens, click on the “Install” button. After this, agree to the proposal to replace the certificate.

If the “Install” button is missing, in the “Certificate for viewing” window, click the “Properties” button.

5. In the “Certificate” window -> “General” tab, click on the “Install certificate” button.

6. In the “Certificate Import Wizard” window, select “Next”.

7. If you have installed version “CryptoPro CSP” 3.6, then in the next window just leave the switch on the “Automatically select storage based on certificate type” item and click “Next”. The certificate will be automatically installed in the “Personal” storage.

Option 2. Install through the “Install personal certificate” menu

To install, you will need, in fact, the certificate file itself (with the .cer extension). It can be located, for example, on a floppy disk, on a token, or on the computer's hard drive.

To install a certificate:

1. Select Start -> Control Panel -> CryptoPro CSP -> Tools tab and click the “Install personal certificate” button.

2. In the “Personal Certificate Installation Wizard” window, click the “Next” button. In the next window, to select the certificate file, click “Browse”.

3. Specify the path to the certificate and click on the “Open” button, then “Next”.

4. In the next window, you can view the certificate information. Click “Next”.

5. In the next step, enter or specify the private key container that corresponds to the selected certificate. To do this, use the “Browse” button.

If you have installed CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher, check the “Install certificate into container” checkbox.

8. Select the “Personal” storage and click OK.

9. The storage you have chosen. Now click “Next”, then “Finish”. After this, a message may appear:

In this case, click “Yes”.

10. Wait for a message that the personal certificate has been successfully installed on your computer.

That's it, you can sign documents using the new certificate.

If none of the solutions suggested below fix the problem, the key media may have been damaged and requires recovery (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, having first installed the certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:

1. Make sure that in the root of the floppy disk there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have a .key extension and the folder name format must be xxxxxx.000.

the private key container has been corrupted or deleted

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;

?).

3. In the CryptoPro CSP window “Selecting a key container”, select the “Unique names” radio button.

4.

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Service” tab and click on the “Remove remembered passwords” button;

5. How to copy a container with a certificate to another medium?).

Flash drive

If a flash drive is used as the key media, you must complete the following steps:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . Files must have a .key extension and the folder name format must be as follows: xxxxxx.000 .

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. You also need to check whether this folder contains six files on other media.

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3.

4. Remove remembered passwords. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Select the “User” item and click the “OK” button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro CSP version 2.0 or 3.0 is installed at your workplace, and Drive A (B) is present in the list of key media, then it must be removed. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Equipment” tab and click on the “Configure readers;” button
• Select the reader “Disk Drive A” or “Disk Drive B” and click on the “Delete” button.

After removing this reader, working with the floppy disk will be impossible.

Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the “Rutoken” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All smart card readers”). To do this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the “Select a key container” window, select the “Unique names” radio button.

4. Remove remembered passwords. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP” ;
• Go to the “Service” tab and click on the “Remove remembered passwords” button;
• Select the “User” item and click the “OK” button.

5. Update the support modules required for Rutoken to work. For this:

• Disconnect the smart card from the computer;
• Select the “Start” menu > “Control Panel” > “Add or Remove Programs” (for Windows Vista\Seven “Start” > “Control Panel” > “Programs and Features”);
• Select “Rutoken Support Modules” from the list that opens and click on the “Delete” button.

After removing modules you need to restart your computer .

• Download and install the latest version of support modules. The distribution is available for download on the Aktiv website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instructions .

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

• Open “Start” (“Settings”) > “Control Panel” > “Rutoken Control Panel” (if this item is missing, you should update the Rutoken driver).
• In the “Rutoken Control Panel” window that opens, in the “Readers” item, select “Activ Co. ruToken 0 (1,2)" and click on the "Information" button.

If the rutoken is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, then the media has been damaged, you need to contact the service center for an unscheduled key replacement.

• Check what value is indicated in the line “Free memory (bytes)”.

Service centers issue root tokens with a memory capacity of about 30,000 bytes as key media. One container takes up about 4 KB. The amount of free memory of a rootken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the free memory of a root token is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.

Registry

If the Registry reader is used as a key medium, you must perform the following steps:

1. Make sure that the “Register” reader is configured in CryptoPro CSP. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

2. In the “Select a key container” window, select the “Unique names” radio button.

3. Remove remembered passwords. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to tab « Service" and click on the "Delete remembered passwords" button;
• Select the “User” item and click the “OK” button.