Assistance in setting up cryptographic programs for working with the Electronic Invoices Portal. "Make sure the SSL and TLS protocols are enabled": error when trying to connect to the TLS server


Authorization on the Portal is possible with a valid public key certificate obtained in the public key infrastructure of the certification center of the Republican Unitary Enterprise "Information and Publishing Center for Taxes and Duties" (hereinafter referred to as RUP IIC) or in the Republican Certification Center of the State Public Key Management System for Verifying Electronic Digital Signatures of the Republic of Belarus (hereinafter referred to as RTC GosSUOK).

Make sure that you have a disk with up-to-date software and a key information carrier, the so-called key (for example, AvPass, AvToken, AvBign).

To work with the portal for submitting electronic invoices you need:

Open the system properties view: Right-click on the Computer (My Computer) shortcut - Properties.

Look at what the operating system properties look like:

The build year must correspond to the actual release year of the operating system, for example:

  • for Windows XP - 2002
  • for Windows 7 - 2009, etc.

There should not be any extraneous images other than the Windows logo (pre-installed systems from well-known computer manufacturers may also contain manufacturer logos and/or activation information).

Common custom builds that may cause problems: ZverCD, ZverDVD, PiterPen, Goletsa, etc.

The operation of cryptographic components on these types of builds is not guaranteed.

The subscriber package includes:

  • Crypto provider Avest CSP 6.3.0.791;
  • Crypto provider Avest CSP Bel 6.3.0.791;
  • Personal certificate manager 4.0.6;
  • AvCMXWebP plugin 1.1.8;
  • AvJCEProv 1.3.1;

ATTENTION! If this cryptographic software is not installed on the user’s PC, then the operation of all functionality of the portal and web service is not guaranteed!

The software, which includes a subscriber kit with the appropriate settings for the infrastructure of the RUP IIC or RTC GosSUOK and the organization's personal certificate, is distributed on a CD. The certificate is usually issued for several years, so the programs supplied on the disk may become outdated over time. At the moment, the current version of the crypto provider for users with certificates from the infrastructure of the RUP IIC or RTC GosSUOK:

Avest CSP (check the version by opening Start - All Programs - Avest - Avest CSP - "Version" tab).

Avest CSP bel (check the version by opening Start - All Programs - Avest - Avest CSP bel - "Version" tab).

If you have an older version of the Avest CSP or Avest CSP bel crypto provider installed on your computer, it is best to update the entire subscriber package. To do this:

  1. Download and save to your computer an archive with the current subscriber kit for AvToken or AvPass media.
  2. The programs are archived. Be sure to unpack the archive before installing the programs.
  3. Go to the unpacked directory with the files ..\AvPKISetup(4.0.6.bign)\.
  4. If you do not have a certificate in your personal directory: find the ..\data\ folder and copy into it the chain of certificates in *.p7b format with your current certificate from the RUP IIC. The installer will not only update your programs, but will also start importing this certificate into your personal directory.
  5. If you have a current certificate in your personal directory, the installation can be started simply in software update mode: find the AvPKISetup2.exe file and run it by double-clicking. The Software Update Wizard will launch. Follow the installation wizard's instructions. Be careful, you may need to restart your computer during the installation process.
  6. Detailed instructions for using the automatic installer AvPKISetup are located in the same archive in the folder ..\AvPKISetup(4.0.6.bign)\Docs\Instructions for installing software using AvPKISetup on the NCES 2.0 workstation.pdf.

Make sure your certificate is valid. Open the personal certificate manager corresponding to the certificate, go through authorization, and make sure that the certificate is valid and the certificate revocation list (CRL) has not expired.

If the CRL has expired, use the button to automatically update the current certificate revocation lists.

Import CRL

If you are using Windows Server 2008R2, Windows Server 2012R1 or Windows Server 2012R2, you may have problems with authorization over a secure connection. We recommend the following solution:

  1. Save this file to your computer in a place where you can definitely find it later (for example, select “My Computer” - drive C:\ or the “Downloads” folder).
  2. Unpack the archive.
  3. Run the file by double-clicking (changes must be made with administrator rights).
  4. Allow changes to be made to the registry.
  5. Restart your computer after making all changes.

Launch Internet Explorer. In the menu bar, select the settings icon and then the item in it.

The Internet Options (browser properties) window will open. Select the "Security" tab.

On the "Security" tab, click the green checkmark (Trusted sites) and then the "Sites" button.

A window will open. In the "Add this website to the zone" field, enter the address at which you enter your personal account (*.website). Uncheck the box next to "Require server verification (https:) for all sites in this zone" and press the "Add" button.

The address will then appear in the list of websites. Press the "Close" button.

The "Security" tab will be shown again. Press the "Custom level" button.

A window named "Security Settings - Trusted Sites Zone" will open. Scroll down the list to the heading "ActiveX controls and plug-ins". EVERYTHING below this heading, to the end of the list, should be ENABLED. Scroll all the way down the list, enable ALL of the security settings items, and then click "OK".

After you press "OK", a warning window will appear: "Are you sure you want to change the settings for this zone?". Press "Yes".

If you are encountering an issue where access to a specific site is failing and a message appears in your browser, there is a reasonable explanation for this. The causes and solutions to the problem are given in this article.

SSL TLS protocol

Users of budgetary organizations, and not only budgetary ones, whose activities are directly related to finance, in interaction with financial organizations, for example, the Ministry of Finance, the Treasury, etc., conduct all their operations exclusively using the secure SSL protocol. Basically, in their work they use the Internet Explorer browser. In some cases - Mozilla Firefox.

SSL Error

The main attention when carrying out these operations, and in work in general, is paid to the security system: certificates and electronic signatures. The current version of the CryptoPro software is used. As for problems with the SSL and TLS protocols: if an SSL error appears, most likely there is no support for this protocol.

TLS error

A TLS error can, in many cases, also indicate a lack of protocol support. But let's see what can be done in this case.

SSL and TLS protocol support

So, when you use Microsoft Internet Explorer to visit an SSL-secured website, the title bar displays "Make sure the SSL and TLS protocols are enabled". First of all, you need to enable support for the TLS 1.0 protocol in Internet Explorer.

If you are visiting a website that runs Internet Information Services 4.0 or higher, configuring Internet Explorer to support TLS 1.0 helps secure your connection. Of course, provided that the remote web server you are trying to use supports this protocol.

To do this, on the Tools menu, select the Internet Options command.

On the Advanced tab, in the Security section, make sure the following checkboxes are selected:

  • Use SSL 2.0
  • Use SSL 3.0
  • Use TLS 1.0

Click the Apply button, and then OK. Restart your browser.

After enabling TLS 1.0, try visiting the website again.

System Security Policy

If errors with SSL and TLS still occur and you still can't use SSL, the remote web server probably doesn't support TLS 1.0. In this case, you must disable the system policy that requires FIPS-compliant algorithms.

To do this, in Control Panel, select Administrative Tools, and then double-click Local Security Policy.

In Local Security Settings, expand Local Policies and then click Security Options.

Under Policy in the right pane, double-click "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing", and then click Disabled.

Attention!

The change takes effect when the local security policy is reapplied. Turn it on and restart your browser.
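To confirm what these two settings leave enabled on a workstation, the values behind them can be read back from the registry. The script below is an added example, not part of the original page: it decodes the SecureProtocols value behind the Internet Options checkboxes and takes into account that, with the FIPS policy on, Schannel negotiates TLS only. The sample value used off Windows is constructed.

```python
import sys

# Standard Windows registry locations; a group policy may override the per-user value.
IE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
FIPS_KEY = r"SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy"

# Bits of the SecureProtocols DWORD behind the "Use SSL/TLS x.y" checkboxes.
PROTOCOL_BITS = [(0x0008, "SSL 2.0"), (0x0020, "SSL 3.0"), (0x0080, "TLS 1.0"),
                 (0x0200, "TLS 1.1"), (0x0800, "TLS 1.2"), (0x2000, "TLS 1.3")]
DEPRECATED = {"SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1"}  # RFC 6176, 7568, 8996


def effective_protocols(secure_protocols, fips_enabled):
    """Protocols the client can still offer once the FIPS policy is applied."""
    ticked = [name for bit, name in PROTOCOL_BITS if secure_protocols & bit]
    if fips_enabled:
        # With the FIPS policy on, Schannel refuses the SSL protocols and
        # negotiates TLS only, so ticked SSL boxes have no effect.
        ticked = [p for p in ticked if not p.startswith("SSL")]
    return ticked


def audit(secure_protocols, fips_enabled):
    """Return (effective protocols, findings) for one machine's settings."""
    active = effective_protocols(secure_protocols, fips_enabled)
    findings = ["deprecated protocol enabled: " + p for p in active if p in DEPRECATED]
    if not set(active) - DEPRECATED:
        findings.append("no current protocol (TLS 1.2 or 1.3) is enabled")
    return active, findings


def read_windows_settings():
    """Read both values from the registry; works on Windows only."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, IE_KEY) as key:
        protocols, _ = winreg.QueryValueEx(key, "SecureProtocols")
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, FIPS_KEY) as key:
        fips, _ = winreg.QueryValueEx(key, "Enabled")
    return protocols, bool(fips)


if __name__ == "__main__":
    if sys.platform == "win32":
        settings = read_windows_settings()
    else:
        # Constructed sample: SSL 2.0, SSL 3.0 and TLS 1.0 ticked, FIPS policy off.
        settings = (0x00A8, False)
    print(audit(*settings))
```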

CryptoPro TLS SSL

Update CryptoPro

One of the options to solve the problem is to update CryptoPro, as well as configure the resource. In this case, this is working with electronic payments. Go to Certification Authority. Select Electronic Marketplaces as the resource.

After starting the automatic workplace setup, all that remains is to wait for the procedure to complete and then restart the browser. If you need to enter or select a resource address, select the one you need. You may also need to restart your computer when setup is complete.

TLS connection errors in Sberbank Business Online are a problem that users of the system sometimes encounter. Recently, remote management of banking operations has gained great popularity. Many companies and private enterprises have appreciated the convenience of the service: now there is no need to waste time visiting the bank, and managing accounts and filling out payment orders can be done right in the office at your desk. As with any system, malfunctions are not uncommon. This cannot be avoided. It is better to know about possible problems in advance so that you can easily deal with them.



It is impossible to foresee all errors in work, but there are the most common ones, which in most cases can be eliminated independently.

  • Incorrect login and password entry. Such a message on the screen indicates that the login and password were indeed entered incorrectly. The solution to the problem is simple: reload the page and log in again, but be very careful when entering your ID and password.
  • Error 401. It appears during login. The reason here may be the operation of the computer itself (outdated version of the OS or browser, blocking by an antivirus, or a simple failure). The solution is as follows: update your browser, add the Business Online bank service to the antivirus exclusion list, or simply log in again.
  • Control error. Occurs when generating a payment document if there are errors in filling it out. The system automatically accepts the document as irrelevant. To eliminate this problem, it is worth re-checking all the data entered in the fields of the document, correcting inaccuracies, and re-installing the “payment” check.
  • Internal Server Error. There is no need to worry at all; just wait for a while: all server failures are handled by bank specialists. It is enough to report this to the technical support service.


This article contains the most common problems in bank services and ways to resolve them.

Problem number 0100

The "TLS connection error 0100" message in Sberbank Business Online warns about problems with the certificate. When logging into the system, a procedure is performed to verify and confirm its authenticity. The bank server checks the authenticity of the certificate and its validity period, and compares the URL with the address specified in the certificate.

TLS connection error 0140

There can be several reasons for this problem. Of course, this could be a simple program glitch. But most often it is related to the use of an electronic digital signature. It is a user identifier and is used when approving various documents. Most likely, the signature has expired and is therefore outdated and not valid. In that case you need to update it. If the validity period has not yet expired, you need to check that the fields are filled out correctly. You may need to install Capicom to attach a digital signature. In any case, you need to react quickly and contact the bank's technical support service for help, indicating the code and the actions that preceded the error. To avoid similar problems in the future, you need to know when the signature period expires.

You can check this in the certificate store. The replacement should be carried out in advance: during the renewal of the certificate, situations may arise in the work when you need to urgently sign any payment documents.



Problem number 0160

If the message “TLS connection error 0160” appears on the screen in the Sberbank system, this indicates that the service was unable to verify the authenticity of the client certificate. This can mean one thing: the PIN code has expired. The solution is simple - contact a banking institution to obtain a new token and PIN codes.

Conclusion

Many business structures work with the Sberbank Business Online program, and cases of TLS connection errors are not uncommon. Since the cash flow of many companies is significant, the decision to fix the problem should be made immediately. We cannot hope that this is an ordinary system failure. This could be as bad as a server problem. But most often this occurs due to a mismatch of the requirements for the technical equipment when connecting to the program. You should take the software seriously so that similar problems do not arise in the future. In any case, to speed up the resolution of this issue, you should immediately contact the technical support service of the banking institution.

When visiting a website, if you encounter an error, in the first place it is not your fault. This can happen with any browser, including Chrome, Yandex, Firefox, Internet Explorer or Edge. When you try to connect to a website, you may also receive another error message that displays the error code ERR_SSL_PROTOCOL_ERROR. In most cases, this error occurs due to a problem with the server or with an SSL certificate that the browser rejects because the certificate has a problem. It is also possible that the certificate downloaded to your PC is corrupt or that your PC is configured incorrectly for TLS/SSL. In this guide, we will go over some tips to fix this error.

Error message: This site cannot provide a secure connection. Error code: or ERR_SSL_PROTOCOL_ERROR.

A quick explanation for these errors may be an incorrect date on the computer or the antivirus. What to do?

  • Check and set the correct date, time and time zone.
  • Disable your antivirus product temporarily or add the certificate to scan exclusions. Disabling your antivirus in such a situation can be a dangerous decision if you have something to lose (card data, personal data, passwords). You need to be sure that the website is not malicious.

Before you begin, I advise you to read about what SSL 3/TLS is on Wikipedia or via a Yandex or Google search, since the SSL and TLS protocols are not secure. This may be a temporary solution.

1. Can you access a website using HTTP?

Try to access the site using only HTTP at the beginning of the URL and if you see the same issue, the problem is with the website. If you are a website owner, you need to check two things:

  • Is your SSL certificate name mismatched? Make sure that the site's name and alias match the actual URL of the website where the certificate is installed.
  • Does your server use RC4 Cipher? If yes, you need to fix it.

As a website owner, you also need to check if your CDN supports SSL. Most CDNs now support SSL and all you need to do is configure it correctly. Otherwise, contact your hosting technical support, they will help you.
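The certificate checks this page mentions (validity period, a name that matches the URL, and a wrong local date making a good certificate look bad) can be reproduced offline. This is an added example, not code from the original page; the certificate is a constructed sample in the shape Python's ssl.SSLSocket.getpeercert() returns, and portal.example is a placeholder host name.

```python
import ssl
from datetime import datetime, timezone


def name_matches(pattern, host):
    """Compare one certificate DNS name with the host from the URL.
    A '*' is accepted only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def diagnose(cert, host, now):
    """List the reasons a client whose clock reads `now` rejects `cert` for `host`."""
    problems = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid: check the local date, time and time zone")
    elif ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired: renew the certificate or check the local date")
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("name mismatch: %s is not covered by %s" % (host, names))
    return problems


# Constructed sample, not a real certificate.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "portal.example"), ("DNS", "*.portal.example")),
}

if __name__ == "__main__":
    clocks = {
        "correct clock": datetime(2024, 6, 1, tzinfo=timezone.utc),
        "clock reset to 2002": datetime(2002, 1, 1, tzinfo=timezone.utc),
        "after expiry": datetime(2025, 6, 1, tzinfo=timezone.utc),
    }
    for label, now in clocks.items():
        print(label, "->", diagnose(SAMPLE_CERT, "portal.example", now))
    print("wrong host ->",
          diagnose(SAMPLE_CERT, "portal.example.test", clocks["correct clock"]))
```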

2. Enable SSL 3/TLS and disable QUIC protocol

Chrome and Yandex Browser:

Disabling the QUIC protocol in Chrome or Yandex is one of the proven methods to fix the SSL error. To disable the QUIC protocol in your browser, copy the following address and paste it into the address bar of your browser: chrome://flags/#enable-quic. Then find Experimental QUIC protocol and set it to Disabled. Restart your browser.


If that doesn't help, open the Chrome or Yandex browser and enter chrome://flags in the address bar. Next, type TLS in the search field and enable it. Then type SSL in the same search field and enable it too. "Enabled" means turned on.


Edge and Internet Explorer:

Press the Win+R key combination and enter inetcpl.cpl.


Go to the "Advanced" tab and enable "Use TLS 1.1" and "Use TLS 1.2". One caveat: if it doesn't work, go back to these settings and turn SSL 3.0 back on.

Firefox:

Enter about:config in the address bar and press Enter. Next, type tls in the search field and find security.tls.version.min. Double-click this parameter and set the value to 3 so that the TLS 1.3 protocol works. Click "OK" and restart your Firefox browser.



3. Clear SSL state

Press the Win+R key combination and enter inetcpl.cpl to open Internet Properties.







