Creation of an electronic key. How is the EDS generated?

Instructions for generating an electronic signature key

(version dated 20.09.2016)

Effective September 1, 2016, a new version of the Regulations of the Certification Center of the Federal Treasury, approved by Order No. 280 dated July 25, 2016, is in force. Please familiarize yourself with the updated stages of obtaining certificates.
19.09.2016 released a new version 1 Key generation workstation 10.0.0.44 n, it needs to be installed after uninstalling the previous version.

List of used abbreviations:

  • workstation - automated workplace

  • ASFC - Automated system of the Federal Treasury

  • GAS - State automated system

  • GMU - State municipal institution

  • PPO - Applied software

  • PC - Personal electronic computer

  • CIPF - Means of cryptographic information protection

  • SUFD - Remote financial document management system

  • TOFC - Territorial body of the Federal Treasury

  • FC - Federal Treasury

  1. Before you start, make sure that your workstation has:

  • CIPF "Crypto PRO CSP" (version 3.6 or newer);

  • AWP for Key Generation (the current version of the AWP for Key Generation can be downloaded at ftp://ftp.ufk39.ru/RCR/Distrib/ or, with the CIPF "Continent AP" connected, from the start page of the SUFD portal (http://10.39.4.123)). Attention: if the "Key Generation Workstation" is installed on a workstation intended for work in the "SUFD" software, you must use the instructions for setting up an additional workstation.
ATTENTION!!! Key generation must be carried out in the Key Generation Workstation no lower than version 1.0.0.44 n. Before installing the specified version, it is recommended to uninstall the previous one.
A qualified certificate is required to work in all systems (SUFD, CIPF Continent AP, Procurement website under 223-FZ, EIS (unified information system in the field of procurement) under 44-FZ, State Medical University, GAS "Upravlenie", GIIS "Electronic budget", Portal "Gosuslugi", etc.).

Connect a blank formatted key medium (flash drive, floppy disk, Ru-token, etc.) to the PC system unit.

The medium must be recorded in the "Journal of accounting for machine storage media" (the form was approved by order of the FAPSI dated June 13, 2001 No. 152); a form with an example of filling out can be downloaded from the website of the Office.


  1. In the Key Generation Workstation, click the "Create a certificate request" button (see Fig. 1).

Fig.1 Key generation workstation


  1. Select the request type (see Figure 2).
To create a request for an individual, select "Request for Applicant's Certificate".

Fig.2 Dialog box with a choice of request type for key generation


  1. If you already have a certificate containing the TIN of an individual, select "Generate a certificate request based on an existing certificate" (see Figure 3) and click "Next".
If you have no certificate, select the required option and click "Next", then proceed to step 7 of these Instructions.

IMPORTANT: if your previous certificate contained the TIN of a legal entity and you need a certificate for an individual, do NOT select the type "Generate a certificate request based on an existing certificate", because in this case only a certificate for a legal entity will be created. Instead, select the "Request for an Applicant's certificate" item and fill in all the parameters manually.

Fig.3 Dialog box with a choice of request type for key generation


  1. In the window that appears, click the "Find" button (see Fig. 4) and select the previous certificate file (with the CER extension) or request file (with the REQ extension) (see Fig. 5, Fig. 6, Fig. 7) and click the "Next" button.

Fig.4 Dialog box for file selection

Fig.5 Dialog box for file selection

Fig.6 Dialog box for selecting a file

Fig.7 Dialog box with a choice of request type for key generation


  1. In the window that appears, specify the required user roles (see Fig. 8). If an organization has several authorizations in the field of placing orders (for example, the Customer and the Financial Authority), each such authorization requires the generation of an INDIVIDUAL KEY. IMPORTANT: for a Legal entity certificate only the "Client Authentication" role is required, which is mandatory for all types of certificates. Examples of role selection for common information systems are given in Appendix 1 to this Instruction.
IMPORTANT for clients working in SUFD: if an employee needs to work (for example, create documents) in SUFD but is not included in the "Signature Sample Card", then such an employee needs to obtain a non-signing certificate with the following permissions: "Client Authentication" and "ASFC" (only the outer tick, see Appendix 1, Fig. 2).

Fig.8 Dialog box. User Roles


  1. In the window that appears, fill in all the required fields that are open for editing (see Fig. 9).

Fig.9 Dialog box with Applicant data


  1. "Surname" - fill in the Applicant's Surname.

  2. "Name Patronymic" - fill in the Name and Patronymic of the Applicant (if any), as indicated in the identity document.

  3. "E-mail" - fill in the Applicant's e-mail address; personal information, for example the login and password for the first login to the information system, will be sent to this address.

  4. "Position" - is filled in only for a request for a certificate of a Legal Entity. When filling in this field for the heads of the organization, it is necessary to take into account the data of the Unified State Register of Legal Entities; for other employees of the organization it is necessary to be guided by the staffing table.

  5. "Formalized position" - the field becomes active when roles from the "ASFC" group are chosen. You must choose one of 2: "Supervisor" (if the right of the first signature) or "Chief Accountant" (if the right of the second signature). The right of the first or second signature is determined in the document "Signature Sample Card" submitted by your organization to the Federal Treasury Department for the Kemerovo Region at the place where your account is serviced. The only exception is when an employee is not included in the Signature Sample Card but is required to sign separate (non-settlement) documents in terms of cash services - then you must select "Operationist".

  6. "Last Name First Name" - the field is filled in automatically.

  7. "Organization" - fill in only the COMPLETE name of the organization; the name must match the information from the Unified State Register of Legal Entities character by character. The EXCEPTION is the name of the organization ONLY for a Legal entity certificate: you need to fill in the short name if the full name is longer than 164 characters; in other cases the full name is filled in if it does not exceed 164 characters.

  8. "Unit 1st level" - to be completed only when generating a Legal entity certificate.

  9. "Division of the 2nd level" - to be completed only when generating a Legal entity certificate. This field is filled in only if an organization (Legal entity) has separate subdivisions; for example, Kemerovo State University (the full name is filled in the "Organization" field) has a branch in the city of Belovo (the name of the branch is filled in the "Level 1 subdivision" field), which has an "Accounting" structural subdivision (filled in the "Level 2 Subdivision" field) (see Fig. 10).

  10. "Name of locality" - fill in the name of the locality where the Applicant Organization is located, for example, "Tashtagol".

  11. "Address (street, house)" - filled in only when generating a Legal entity certificate. This field indicates the address of the location of the Legal Entity of the Applicant Organization.

  12. "Country" - fill in with the value "RU".

  13. "Name of the subject" - select from the list "Kemerovo region".

  14. "TIN" - for a certificate of an individual, fill in the value of the TIN (12 characters) of the Applicant, for a certificate of a Legal entity, fill in the value of the TIN (10 characters, with 2 zeros in front, for example, 004205654585) of the Legal entity.

  15. "OGRN" - filled out only when generating a certificate Legal entity. The value of the OGRN of the Legal entity is indicated.

  16. "SNILS" - the value of the SNILS of the Applicant is indicated.

  17. "Account number of the UIS organization" - the field becomes active only if roles from the section "Working with the UIS" were selected in the previous step. The field is filled with the value of the SDR code (code of the customer's consolidated list); this value can be found on the website http://www.zakupki.gov.ru by searching for YOUR organization in the register of organizations: tab "Additional Information" - the value "Unique account number of the organization" (11 digits); if there is no such tab, then in the information "Registration data of the organization" the value "SPZ code" (11 digits). (See Fig. 11 or Fig. 12)

  18. "GMU account number" - the field becomes active if roles from the section "work with GMU" were selected in the previous step. The field is filled in with the value of the account number of the GMU of the Applicant Organization; this value can be found on the website http://www.bus.gov.ru in the information about the organization: "PSMU Code" (see Fig. 13) or "Registry number in the list of GMU" (see Fig. 14).

  19. "Protection class" - select the value "KS1" if hardware protection "Sobol", "Accord", etc. (hardware protection with a random number generator) is NOT installed at your workplace (computer); select "KS2" if the specified protection is installed.

  20. "Exportable private key" - the value "Yes" is always indicated.
Obtaining an ES certificate by certain types of legal entities

In accordance with the clarifications of the Federal Treasury (letter of the Federal Treasury dated July 21, 2016 No. 07-04-05 / 12-529), representatives of the legal entities listed below, in connection with the non-placement of the procurement provision in accordance with the Federal Law of July 18, 2011 No. 223-FZ, must indicate the value "00000000000" in the field "Account number of the EIS organization":


  1. Electronic platform operator

  2. Information system operator

  3. Organization providing services for servicing users of the EIS

  4. A legal entity carrying out procurement in accordance with Part 4 of Article 5 of the Federal Law of December 30, 2008 N 307-FZ "On Auditing"
After filling in and verifying all the fields, click the "Next" button.

Fig.10. An example of filling in data for a legal entity

Fig.11 Dialog box from the site http://www.zakupki.gov.ru

Fig.12 Dialog box from the site http://www.zakupki.gov.ru

Fig.13 Dialog box from the site www.bus.gov.ru. Register of organizations

Fig.14 Dialog box from the site www.bus.gov.ru. Registration data of the organization


  1. In the window that appears, click "Run" (see Fig. 15)

Fig. 15 Dialog box of key generation workstation


  1. At the next step, you need to select the type of media, depending on the media prepared in the first step, see step 1.
IMPORTANT: it is PROHIBITED to write the private key to the "Registry".

  1. In the next window (see Fig. 16) enter the password and its confirmation. ATTENTION! Remember the entered password; if it is lost, recovery is impossible. These fields can be left blank, then the password will not be requested when signing with an electronic signature.

Fig.16 Entering a password for the created private key


  1. At the next stage, the system will offer to save the certificate request file (see Fig. 17).

Fig.17 Dialog box. Saving a certificate request to a file
This request file must be brought on a removable storage medium (flash drive, floppy disk, etc.) that does not contain key containers (private keys) of users to the point of registration of the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Both copies of the application must be completed and submitted to the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Fig.18. Printed application form

Sample certification documents are available on the information resource on the Internet ftp://ftp.ufk39.ru, on the information portal at http://10.39.4.123 (in a secure network segment, section Certification Authority), and on the official website of the Federal Treasury Department for the Kemerovo Region http://kemerovskaya.roskazna.ru (section GIS -- Certification Authority).

Contact details of the Department of privacy and security of information

Office of the Federal Treasury for the Kemerovo Region:
head of department: Opalev Kirill Nikolaevich (384-2) 719-005, e-mail: opalevkn@ufk39.ru

Deputy Head of Department: Rodionov Stanislav Nikolaevich (384-2) 719-022,

certification specialists: (384-2) 719-034, 719-164, 719-163,

specialists in work with EP and CIPF means: (384-2) 719-161, 719-162, 719-022.

e-mail: uuc@ufk39.ru
The contact details of operators of remote regional registration centers are posted on the website of the Office on the Internet in the section GIS - Certification Authority - Contacts

Annex 1

Common examples of distribution of roles for work in various information systems
All certificates require the Client Authentication role. The specified role is the only one for a Legal entity certificate.

IMPORTANT only for the section "Working with UIS"!!! For one certificate, only one group of roles from the section "Working with the UIS" can be involved, for example, "Customer" or "Financial Authority", etc.

Please note that the previously required roles "Email Security" and "Server Authentication" are not mandatory roles.

Fig. 1. Mandatory user roles for working in SUFD with the right to sign

Fig. 2. Mandatory user roles for working in SUFD WITHOUT signing rights

Fig. 3. Possible user roles for working on the site http://www.bus.gov.ru

Fig. 4. Possible user roles for working on the site http://www.zakupki.gov.ru as part of the work under Federal Law No. 44. Personal account - Customer.

Fig. 5. Possible user roles for working on the site http://www.zakupki.gov.ru as part of work under Federal Law No. 44. Personal account - Financial authority.

Fig. 6. Mandatory user role for work in the GIS "Electronic budget"
Change Registration Sheet


Date modified

BASIC CONCEPTS

KSKPEP - a qualified certificate of the electronic signature verification key.
CEP - qualified electronic signature.

Crypto provider - a means of cryptographic information protection: a program with the help of which the private part of an electronic signature is generated and which allows you to work with an electronic signature. This checkbox is checked automatically.

Exported Key - the possibility of copying an electronic signature to another medium. If the checkbox is unchecked, copying the electronic signature will be impossible.

LKM - left mouse button.

PKM - right mouse button.

CRM-AGENT - an application developed by CA specialists to simplify the procedure for generating a key pair, creating a request and writing a certificate.

Before the start of generation

After you visited the certification center and went through the identity verification procedure, the CA sent a letter containing a link for generation to the e-mail address you specified in the application. If you have not received the letter, please contact your manager or CA Technical Support at the contact number given in this guide.

Open the generation link from the email in one of the recommended browsers: Google Chrome, Mozilla Firefox, Yandex.Browser. If you are already in one of the above browsers, click on the link with LKM (left mouse button) or PKM (right mouse button) > "Open link in new tab". The generation page (Fig. 1) will open in a new window.

When you open the link, an initial warning will appear. Read it if you are using JaCarta LT media to store the CEP. Learn more about media below. If you are using a different medium, click the "Close" button.

Fig.1 - Generation page

Application installation

Click on the "Download app" link to start downloading. If nothing happens after clicking, click on the link with PKM > "Open link in new tab". After downloading the application, run the installation.

It is recommended to disable anti-virus software before downloading the program!

During installation of the "crm-agent" application, a message asking for access will appear (Fig. 2).

Fig. 2 - Access request


Click the button "Yes".

Providing access

After the installation of the application is completed, return to the page with the generation. A message will appear about "Granting access" (Fig. 3).

Fig.3 - Access to the certificate store


Click "Continue" and, in the window that appears, "Grant access"(Fig.4).

Fig.4 - Access to the certificate store 2


If the "Continue" button does not appear

If, after installing the "crm-agent" application, the link to download the application has not disappeared, the connection may be blocked by your security system.

To resolve the situation, you must:

Disable the antivirus installed on your computer;

Open a new tab in the browser;

Enter the address without spaces in the address bar of the browser - 127.0.0.1:90 - and go (press Enter on the keyboard);

When the browser message "Your connection is not secure" appears, add the page to the browser exceptions. For example, in Chrome: "Additional" - "Go to the site anyway". For other browsers, use the appropriate developer instructions.

After the error message appears, return to the page with the generation and repeat Point 2 of this manual.

Installing CryptoPRO CSP

If you do not have pre-installed crypto providers, after the stage of granting access, links for downloading CryptoPRO will appear (Fig. 5).


Important: the "crm-agent" application detects any cryptographic providers on the computer; if you have a program other than CryptoPRO CSP installed (e.g. VIPNET CSP), contact the CA technical support specialists for advice.

Click on the link "CryptoPRO 4.0" on the generation page or on a similar link below to download the CryptoPRO installation file to your computer.

CryptoPro CSP 4.0 - version for OS Win 7 / 8 / 10

After the download is complete, open the zip archive using an appropriate archiver program (for example, WinRAR). Inside there will be the CryptoPRO installation file itself. Run it and install with default options. During the installation process, you may see the following window:

Fig.5 - Installing CryptoPRO

Skip the window by clicking "Further". CryptoPRO installation is completed.

Installing the driver for the token

Signatures can be stored in the computer registry, on conventional flash drives and on special USB tokens. The list of tokens, PIN codes and links to the software is presented in the table below (Table 1).

Table 1 - Drivers for secure media

USB media type | Appearance of USB media | Driver download link | PIN code

ruToken

Instructions for generating an electronic signature key

(version dated 11/21/2017)

List of used abbreviations:

  • workstation - Automated workplace

  • ASFC - Automated system of the Federal Treasury

  • GAS - State automated system

  • GMU - State municipal institution

  • PPO - Application software

  • PC - Personal electronic computer

  • CIPF - Means of cryptographic information protection

  • SUFD - Remote financial document management system

  • TOFC - Territorial body of the Federal Treasury

  • FC - Federal Treasury

  1. Before you start, make sure that your workstation has:

  • CIPF "Crypto PRO CSP" (version 4.0 (4.0.98.42));

  • AWP for Key Generation (the current version of the AWP for Key Generation can be downloaded at ftp://ftp.ufk39.ru/RCR/Distrib/ or, when the CIPF "Continent AP" is connected, from the start page of the SUFD portal (http://10.39.4.123)). Attention: if the "Key Generation Workstation" is installed on a workstation designed to work in the "SUFD" software, you must use the instructions for setting up an additional workstation.
ATTENTION!!! Key generation must be carried out in the Key Generation Workstation no lower than version 1.0.0.44 n. Before installing the specified version, it is recommended to uninstall the previous one.
Connect a blank formatted key medium (flash drive, floppy disk, Ru-token, etc.) to the PC system unit.

The medium must be recorded in the "Journal of accounting for machine storage media" (the form was approved by order of FAPSI dated 13.06.2001 No. 152), the form with an example of filling out can be found .


  1. In the Key Generation Workstation, click the "Create a certificate request" button (see Fig. 1).

Fig.1 Key generation workstation


  1. Select the request type (see Figure 2).
To create a request for an individual - "Request for the Applicant's Certificate"

Fig.2 Dialog box with a choice of request type for key generation


  1. If you already have a certificate containing the TIN of an individual, select "Generate a certificate request based on an existing certificate" (see Figure 3) and click "Next".
If you have no certificate, select the required option and click "Next", then proceed to step 7 of these Instructions.

IMPORTANT: if your previous certificate contained the TIN of a legal entity and you need a certificate for an individual, do NOT select the type "Generate a certificate request based on an existing certificate", because in this case only a certificate for a legal entity will be created. Instead, select the "Request for an Applicant's certificate" item and fill in all the parameters manually.

Fig.3 Dialog box with a choice of request type for key generation


  1. In the window that appears, click the "Find" button (see Fig. 4) and select the previous certificate file (with the CER extension) or request file (with the REQ extension) (see Fig. 5, Fig. 6, Fig. 7) and click the "Next" button.

Fig.4 Dialog box for file selection

Fig.5 Dialog box for file selection

Fig.6 Dialog box for selecting a file

Fig.7 Dialog box with a choice of request type for key generation


  1. In the window that appears, specify the required user roles (see Fig. 8). IMPORTANT: for a Legal entity certificate only the "Client Authentication" role is required, which is mandatory for all types of certificates. Examples of choosing roles for common information systems are given in Appendix 1 to this Instruction.
IMPORTANT for clients working in SUFD: if an employee needs to work (for example, create documents) in SUFD but is not included in the "Signature Sample Card", then such an employee needs to obtain a non-signing certificate with the following permissions: "Client Authentication" and "ASFC" (only the outer tick, see Appendix 1, Fig. 2).

Fig.8 Dialog box. User Roles


  1. In the window that appears, fill in all the required fields that are open for editing (see Fig. 9).

Fig.9 Dialog box with Applicant data
Rules for filling in the fields (read all):


    1. "Surname" - fill in the Applicant's Surname.

    2. "Name Patronymic" - fill in the Name and Patronymic of the Applicant (if any), as indicated in the identity document.

    3. "E-mail" - fill in the Applicant's e-mail address, personal information will be sent to this address, for example, login and password for the first entry into the information system.

    4. "Position" - is filled in only for a request for a certificate of a Legal Entity. When filling out this field for the heads of the organization, it is necessary to take into account the data of the Unified State Register of Legal Entities, for other employees of the organization it is necessary to be guided by the staffing table.

    5. "Formalized position" - the field becomes active when roles from the "ASFC" group are chosen. You must choose one of 2: "Supervisor" (if the right of the first signature) or "Chief Accountant" (if the right of the second signature). The right of the first or second signature is determined in the document "Signature Sample Card" submitted by your organization to the Federal Treasury Department for the Kemerovo Region at the place where your account is serviced. The only exception is when an employee is not included in the Signature Sample Card but is required to sign separate (non-settlement) documents in terms of cash services - then you must select "Operationist".

    6. "Last Name First Name" - the field is filled in automatically.

    7. "Organization" - fill in only the COMPLETE name of the organization; the name must match the information from the Unified State Register of Legal Entities character by character. The EXCEPTION is the name of the organization ONLY for a Legal entity certificate: you need to fill in the short name if the full name is longer than 164 characters; in other cases the full name is filled in if it does not exceed 164 characters. For individual entrepreneurs this field contains the Surname, Name, Patronymic of the individual entrepreneur.

    8. "Unit 1st level" - to be completed only when generating a certificate Legal entity.

    9. "Division of the 2nd level" - to be completed only when generating a certificate Legal entity. This field is filled only if an organization (Legal entity) has separate subdivisions, for example, Kemerovo State University (Full name is filled in the "Organization" field) has a branch in the city of Belovo (the name of the branch is filled in the "Level 1 subdivision" field) which has "Accounting" structural subdivisions (to be completed in the “Level 2 Subdivision”) (see Fig. 10).

    10. "Name of settlement" - fill in the name of the settlement where the Applicant Organization is located, for example, "Tashtagol".

    11. Address (street, house) - filled in only when generating a certificate Legal entity. This field indicates the address of the location of the Legal Entity of the Applicant Organization.

    12. "Country" - fill in with the value "RU".

    13. "Name of the subject" - select from the list "Kemerovo region".

    14. "TIN" - for a certificate of an individual, an individual entrepreneur, fill in the value of the TIN (12 characters) of the Applicant, for a certificate of a Legal entity, fill in the value of the TIN (10 characters, with 2 zeros in front, for example, 004205654585) of the Legal entity.

    15. "OGRN" - filled out only when generating a certificate Legal entity. The value of the OGRN of the Legal entity is indicated.

    16. "SNILS" - the value of the SNILS of the Applicant is indicated.

    17. "Account number of the organization UIS / SDR" - the field becomes active only when a request is generated based on an existing certificate, if the section "Working with the UIS" was filled out during the previous generation. IMPORTANT!!! To work on the EIS website (http://www.zakupki.gov.ru) separate powers are no longer required; all the necessary roles for users are set by the administrator of the organization when registering a certificate in the UIS. In this regard, when generating a request based on an existing certificate, if the section "Working with the UIS" was completed during the previous generation, you should return to the stage of specifying the authorities by clicking the "Back" button and clear the section "Working with the UIS".

    18. "GMU account number" - the field becomes active if roles from the section "work with GMU" were selected in the previous step. The field is filled in with the value of the account number of the GMU of the Applicant Organization; this value can be found on the website http://www.bus.gov.ru in the information about the organization: "PSMU Code" (see Fig. 11) or "Registry number in the list of GMU" (see Fig. 12).

    19. "Protection class" - select the value "KS1" if hardware protection "Sobol", "Accord", etc. (hardware protection with a random number generator) is NOT installed at your workplace (computer); select "KS2" if the specified protection is installed.

    20. "Exportable private key" - the value "Yes" is always indicated.
Obtaining an ES certificate by certain types of legal entities

In accordance with the clarifications of the Federal Treasury (letter of the Federal Treasury dated July 21, 2016 No. 07-04-05 / 12-529), representatives of the legal entities listed below, in connection with the non-placement of the procurement provision in accordance with the Federal Law of July 18, 2011 No. 223-FZ, must indicate the value "00000000000" in the field "Account number of the EIS organization":


  1. Electronic platform operator

  2. Information system operator

  3. Organization providing services for servicing users of the EIS

  4. A legal entity carrying out procurement in accordance with Part 4 of Article 5 of the Federal Law of December 30, 2008 N 307-FZ "On Auditing"
After filling in and verifying all the fields, click the "Next" button.
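
The field rules above, written as a pre-submission check (an added example, not part of the original instructions or of the Key Generation Workstation; it also covers the field list in the earlier version of these instructions). The dictionary keys, the function name and the sample record are constructed for illustration, and treating "Position", "Address" and "OGRN" as mandatory for a Legal entity certificate is an assumption.

```python
import re

MAX_ORG_NAME = 164   # limit from the "Organization" rule
LEGAL_ONLY = ("position", "unit_level_1", "unit_level_2", "address", "ogrn")
LEGAL_REQUIRED = ("position", "address", "ogrn")   # assumption, see lead-in
ALWAYS_REQUIRED = ("surname", "email", "organization", "locality", "snils")


def check_request(fields, cert_type, hardware_rng_installed):
    """Return a list of rule violations; an empty list means the data passes.

    fields    -- dict keyed by hypothetical names for the dialog fields
    cert_type -- "individual" (also individual entrepreneur) or "legal"
    hardware_rng_installed -- True if "Sobol", "Accord" or similar is present
    """
    if cert_type not in ("individual", "legal"):
        raise ValueError("cert_type must be 'individual' or 'legal'")

    def get(key):
        return (fields.get(key) or "").strip()

    errors = []
    for key in ALWAYS_REQUIRED:
        if not get(key):
            errors.append(f"{key}: must be filled in")

    # Fields 4, 8, 9, 11 and 15 exist only on a Legal entity certificate.
    if cert_type == "individual":
        for key in LEGAL_ONLY:
            if get(key):
                errors.append(f"{key}: filled in only for a Legal entity certificate")
    else:
        for key in LEGAL_REQUIRED:
            if not get(key):
                errors.append(f"{key}: required for a Legal entity certificate")

    if len(get("organization")) > MAX_ORG_NAME:
        errors.append("organization: longer than 164 characters "
                      "(a Legal entity certificate takes the short name)")
    if get("country") != "RU":
        errors.append("country: must be RU")
    if get("subject") != "Kemerovo region":
        errors.append("subject: must be Kemerovo region")

    # TIN is always entered as 12 characters; a Legal entity's 10-digit TIN
    # is entered with two zeros in front.
    tin = get("tin")
    if not re.fullmatch(r"\d{12}", tin):
        errors.append("tin: must be 12 digits")
    elif cert_type == "legal" and not tin.startswith("00"):
        errors.append("tin: Legal entity TIN is 10 digits with 2 zeros in front")

    # The account number field is not always active; check it only if present.
    eis = get("eis_account")
    if eis and not re.fullmatch(r"\d{11}", eis):
        errors.append("eis_account: must be 11 digits")

    expected = "KS2" if hardware_rng_installed else "KS1"
    if get("protection_class") != expected:
        errors.append(f"protection_class: must be {expected}")
    if get("exportable_key") != "Yes":
        errors.append("exportable_key: must be Yes")
    return errors


# Constructed sample record; only the TIN, organization and locality values
# are taken from the examples in the instructions.
SAMPLE_LEGAL = {
    "surname": "Ivanov",
    "name_patronymic": "Ivan Ivanovich",
    "email": "applicant@example.org",
    "position": "Chief Accountant",
    "organization": "Kemerovo State University",
    "locality": "Tashtagol",
    "address": "Example street, 1",
    "country": "RU",
    "subject": "Kemerovo region",
    "tin": "004205654585",
    "ogrn": "0000000000000",        # placeholder value
    "snils": "000-000-000 00",      # placeholder value
    "protection_class": "KS1",
    "exportable_key": "Yes",
}

if __name__ == "__main__":
    print(check_request(SAMPLE_LEGAL, "legal", hardware_rng_installed=False))
```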

Fig.10. An example of filling in data for a legal entity

Fig.11 Dialog box from the site www.bus.gov.ru. Register of organizations

Fig.12 Dialog box from the site www.bus.gov.ru. Registration data of the organization


  1. In the window that appears, click "Run" (see Fig. 13)

Fig. 13 Dialog box of key generation workstation


  1. At the next step, you need to select the type of media, depending on the media prepared in the first step, see step 1.
IMPORTANT: it is PROHIBITED to write the private key to the "Registry".

  1. In the next window (see Fig.14) enter the password and its confirmation. ATTENTION! Remember the entered password, if it is lost, recovery is impossible. These fields can be left blank, then the password will not be requested when signing with an electronic signature.

Fig.14 Entering a password for the created private key


  1. At the next stage, the system will offer to save the certificate request file (see Fig.15).

Fig.15 Dialog box. Saving a certificate request to a file
This request file must be brought on a removable storage medium (flash drive, floppy disk, etc.), not containing key containers (private keys) of users , to the point of registration of the Certification Center of the Federal Treasury, according to the territorial location of your organization.
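
A check that can be run against the medium before it leaves the workstation, as an added example that is not part of the original instructions: it confirms that a request file (REQ extension) is present and that no directory holds masks.key or primary.key, the CryptoPro CSP key-carrier files this page names. The function names and the sample trees built in `demo()` are constructed for illustration.

```python
import os
import tempfile

# File names this page gives for a CryptoPro CSP key carrier.
KEY_CONTAINER_FILES = {"masks.key", "primary.key"}
REQUEST_EXT = ".req"   # extension of the certificate request file


def audit_medium(root):
    """Walk the medium; return (request_files, container_dirs, unreadable)."""
    requests, containers, unreadable = [], [], []

    def on_error(exc):
        # os.walk skips unreadable directories silently unless told otherwise;
        # an unscanned directory must count as a finding, not as "clean".
        unreadable.append(exc.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        rel = os.path.relpath(dirpath, root)
        # Compare case-insensitively: FAT media do not preserve case reliably.
        hits = sorted(n for n in files if n.lower() in KEY_CONTAINER_FILES)
        if hits:
            containers.append((rel, hits))
        for name in files:
            if name.lower().endswith(REQUEST_EXT):
                requests.append(os.path.normpath(os.path.join(rel, name)))
    return sorted(requests), sorted(containers), unreadable


def safe_to_carry(root):
    """Return (ok, problems) for the medium mounted at `root`."""
    if not os.path.isdir(root):
        return False, [f"{root}: not a directory"]
    requests, containers, unreadable = audit_medium(root)
    problems = []
    if not requests:
        problems.append("no certificate request (.req) file found")
    for rel, hits in containers:
        problems.append(
            f"private key container files in '{rel}': {', '.join(hits)}")
    for path in unreadable:
        problems.append(f"could not read '{path}'; contents unchecked")
    return not problems, problems


def demo():
    """Build two constructed media trees and audit both."""
    with tempfile.TemporaryDirectory() as clean, \
            tempfile.TemporaryDirectory() as mixed:
        for root in (clean, mixed):
            open(os.path.join(root, "request.req"), "wb").close()
        # Constructed folder name; only the two file names come from the page.
        container = os.path.join(mixed, "container.000")
        os.mkdir(container)
        for name in ("masks.key", "PRIMARY.KEY"):
            open(os.path.join(container, name), "wb").close()
        return safe_to_carry(clean), safe_to_carry(mixed)


if __name__ == "__main__":
    for ok, problems in demo():
        print("OK to carry" if ok else "DO NOT carry", problems)
```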

Both copies of the application must be completed and submitted to the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Fig.16. Printed application form

Sample documents for certification are posted on the information resource on the Internet ftp://ftp.ufk39.ru/RCR/Shablon/, information portal at http://10.39.4.123(in a secure network segment, section Certification Authority), on the official website of the Federal Treasury Department for the Kemerovo Region http://kemerovskaya.roskazna.ru . (section GIS -- Certification Authority)

Contact details of the Department of privacy and security of information

Office of the Federal Treasury for the Kemerovo Region:
head of department: Opalev Kirill Nikolaevich (384-2) 719-005, e-mail: opalevkn@ufk39.ru

Deputy Head of Department: Rodionov Stanislav Nikolaevich (384-2) 719-022,

certification specialists: (384-2) 719-034, 719-164, 719-163,

specialists in work with EP and CIPF means: (384-2) 719-161, 719-162, 719-022.

e-mail: uuc@ufk39.ru
The contact details of operators of remote regional registration centers are posted on the website of the Office on the Internet in the section GIS - Certification Authority - Contacts

Annex 1

Common examples of distribution of roles for work in various information systems
All certificates require the Client Authentication role. The specified role is the only one for a Legal entity certificate.

IMPORTANT!!! To work on the site http://www.zakupki.gov.ru separate powers are not required; all the necessary roles are set by the administrator of the organization when registering a certificate in the UIS.

Please note that the previously required roles "Email Security" and "Server Authentication" are not mandatory roles.

Fig. 1. Mandatory user roles for working in SUFD with the right to sign

Fig. 2. Mandatory user roles for working in SUFD WITHOUT signing rights

Fig. 3. Possible user roles for working on the site http://www.bus.gov.ru

Fig. 4. Mandatory role of users to work in the GIS "Electronic budget", on the site http://www.zakupki.gov.ru
Change Registration Sheet

The license for the Taxnet-KM program contains:

− serial number of the license for the Taxnet-KM software;

− validity period of the license: the license for Taxnet-KM is issued for a period of 1 year;

− token expiration dates: the date of formation and the date of expiration of the token are indicated;

− phone number to which the additional code for authorization in the Taxnet-KM program and informational messages will be sent.

Attention: The token is valid for 7 days from the date it is issued by the CA.

To install the Taxnet-KM program and use it further, you will need:

− Internet access from your computer;

− one of the Windows 7/8/10 operating systems installed on your computer;

− the CryptoPro CSP crypto provider (CIPF) installed (the procedure for installing the program is described in the instructions);

− drivers installed for the Token (or a driver for another removable medium that will be used to store private keys).

Attention: Installation must be done by a user with administrator rights.

The sequence of actions for the production of keys and certificates using the Taxnet-KM program:

1. Download the current version of the Taxnet-KM program from the Taxnet CJSC website (.

2. Run the downloaded file Taxnet_KeyManager.exe.

3. Insert the key carrier received from the CA into the computer.

The following can be used as a key carrier: floppy disk, flash drive, secure flash drive (RuToken or eToken), smart card.

If a secure flash drive (RuToken or eToken) is used as the key carrier, you can determine the type of media from the inscription on it.

Attention: A CD cannot act as a key carrier. When the ES is used, CryptoPro CSP overwrites the files masks.key and primary.key located on the key carrier. Because of the technical characteristics of a CD, this operation is impossible or difficult.

4. On the control panel, click Certificate request.

5. In the window that opens, enter the login and password received from the CA (indicated in the license for the Taxnet-KM program) and click Next.

6. Enter the code from the SMS received on the phone (the phone number to which the SMS will be sent is indicated in the license for the Taxnet-KM program). If the SMS does not arrive within 10 minutes, press Receive SMS again.

7. Check the certificate request details and click Next.

If you find errors in the data, contact the CA.

8. Select the key carrier using the scroll bar and press OK.

Select device:

− Aladdin Token JC 0 or – if eToken is used as a key carrier;

− – if RuToken is used as a key carrier;

− – if a floppy disk is used as a key medium;

− – if a flash drive is used as a key medium.

9. To generate a private key, move the mouse cursor within the area of the random number generator window.

10. Enter the password for the key carrier if a Token is used as the key carrier (the default PIN code for RuToken is 12345678, for eToken it is 1234567890, or your own PIN code if one was set). If another device is used as a key carrier (floppy disk, flash drive, registry), in the window that appears, set a password for the container being created, confirm it and click OK.

Attention: Remember and save the password for the created container. We recommend that you write down the password in the appropriate field of the ES certificate revocation card received by the VCA. The specified password will be requested each time the system accesses the private key. If the password is lost, further use of the key becomes impossible!

11. In the window that opens with the message "Your request has been successfully queued for processing" click OK.

12. Make sure that in the opened window "Display the status of the request and install the certificate" the status of the request is "In progress".

Attention: The average request processing time is 10 minutes. During this time, you can minimize the program window or close it. If you close the program, you will need to repeat steps 2 to 6 of this instruction to re-enter it.

13. 10 minutes after submitting the request, click Update.

14. Verify that after the data is downloaded from the server, the status of the request changes to Approved (certificate issued).

Attention: A notification about the production of a certificate will be sent to your phone in the form of SMS.

15. To install the certificate, click Install certificate.

16. In the opened window with information about the certificate, click Confirm receipt.

17. To activate the Token, enter the password for the key carrier if a Token is used as the key carrier (the default PIN code for RuToken is 12345678, for eToken it is 123456789, or your own PIN code if one has been set). If another device (floppy disk, flash drive, registry) is used as a key carrier, enter the password that was created earlier when generating keys.

18. Obtaining the certificate is completed. The certificate is installed in the personal store.

20. To print the Taxnet-KM license, click Print the certificate.

21. If additional registration in external systems (for example, on electronic trading platforms) is required before using the certificate, then a corresponding notification will be issued in the program. Additional registration of the certificate is carried out by employees of the CA. After the certificate is registered, an SMS notification will be sent. If additional registration of the certificate is not required, then it can be used immediately after receipt.


