
CryptoPRO does not see the JaCarta key: we solve it in a minute

Attention! From 01/01/2020, in the electronic document management system of CJSC VTB Specialized Depository, qualified certificates should be used only in accordance with GOST R 34.10-2012.

1. Requirements for the organization and security of the operation of CIPF and cryptographic keys

Before using CIPF, electronic signature keys and electronic signature verification key certificates, carefully read the requirements for organizing and ensuring the security of the operation of cryptographic information protection tools (CIPF) and electronic signature keys.

Documents available for download (PDF):

  • Instructions for Ensuring the Security of Operation of Electronic Signature Means (Cryptographic Information Protection Means) in the electronic document management system of CJSC VTB Specialized Depository
  • Guidance on ensuring the security of using a qualified electronic signature and means of a qualified electronic signature (CIPF)

2. Certificates of CAs

Certificate name, certificate file and start of validity:

  • Certificate of the Ministry of Telecom and Mass Communications of Russia: gus_gost12.cer, valid from 06.07.2018
  • Head CA certificate: guc.cer, valid from 20.07.2012
  • CA certificate: ca-vtbsd_gost12.cer, valid from 10.08.2018
  • CA certificate: ca-vtbsd_2017.cer, valid from 10.04.2017
  • CA certificate: ca-vtbsd_2015.cer, valid from 12.05.2015
  • CA certificate: ca-vtbsd_2013.cer, valid from 17.06.2013

3. Register of certificates of keys for verifying electronic signatures of the Certification Center of CJSC VTB Specialized Depository

Certificate registry address: http://ca.site

4. Certificates of keys for verification of electronic signatures of Authorized representatives of CJSC VTB Specialized Depository and the Pension Fund of the Russian Federation

Certificates of keys for verification of electronic signatures of Authorized representatives of CJSC VTB Specialized Depository

Certificates of keys for verifying electronic signatures of Authorized representatives of the Pension Fund of the Russian Federation

Columns: Authorized representative; Alias of the Authorized Representative; Download certificate; Certificate valid in SED.

  • Prokhorov Vladimir Evgenievich; Pseudonym = 00002-10


Good day! For the last two days I had an interesting task: finding a solution to the following situation. There is a physical or virtual server, which most likely has the well-known CryptoPRO installed on it. A key used to sign documents for VTB24 DBO is connected to the server. Locally on Windows 10 everything works, but on the Windows Server 2016 and 2012 R2 server platforms CryptoPRO does not see the JaCarta key. Let's figure out what the problem is and how to fix it.

Description of the environment

There is a virtual machine on VMware ESXi 6.5 with Windows Server 2012 R2 installed as the operating system. The server is running CryptoPRO 4.0.9944, the latest version at the moment. A JaCarta dongle is connected from a network USB hub using USB over IP technology. The system sees the key, but CryptoPRO does not.

Algorithm for solving problems with JaCarta

CryptoPRO very often causes various errors in Windows; a simple example is "Windows Installer service could not be accessed". This is how the situation looks when the CryptoPRO utility does not see the certificate in the container.

As you can see in the UTN Manager utility, the key is connected, and the system sees it among the smart cards as a Microsoft Usbccid (WUDF) device, but CryptoPRO does not detect this container, so there is no way to install the certificate. When the token was connected locally, everything was the same. I began to think about what to do.

Possible causes of the container detection problem

  1. First, it can be a driver issue: for example, in Windows Server 2012 R2, JaCarta should ideally be listed as JaCarta Usbccid Smartcard in the smart card list, not as Microsoft Usbccid (WUDF).
  2. Second, if the device is seen as Microsoft Usbccid (WUDF), the driver version may be outdated, and because of this your utilities will not detect the protected USB media.
  3. An outdated version of CryptoPRO.

How to solve the problem when CryptoPRO does not see the USB key?

We created a new virtual machine and began installing the software step by step.

Before installing any software that works with USB media holding certificates and private keys, you MUST disconnect the token: if it is plugged in locally, unplug it; if it is connected over the network, terminate the session.

  • First of all, update the operating system with all available updates, since Microsoft fixes many errors and bugs, including in drivers.
  • Second, in the case of a physical server, install all the latest drivers for the motherboard and all peripheral equipment.
  • Next, install the JaCarta Unified Client.
  • Install the latest version of CryptoPRO.

Installing the JaCarta PKI Unified Client

The JaCarta Unified Client is a special utility from the Aladdin company for working correctly with JaCarta tokens. You can download the latest version of this software product from the official site, or from my cloud if downloading from the manufacturer's website does not work.

Next, unpack the downloaded archive and run the setup file for your Windows architecture; mine is 64-bit. Let's start installing the JaCarta driver. The JaCarta Unified Client is very easy to install (REMINDER: your token must be disconnected during installation). In the first window of the installation wizard, just click "Next".

Accept the license agreement and click "Next".

For the JaCarta token drivers to work correctly, a standard installation is enough.

If you choose "Custom installation", be sure to check the boxes:

  • Drivers
  • Support modules
  • Support module for CryptoPRO

After a couple of seconds, the JaCarta Unified Client is successfully installed.

Be sure to restart the server or computer so that the system sees the latest drivers.

After installing JaCarta PKI, you need to install CryptoPRO; to do this, go to the official website.

https://www.cryptopro.ru/downloads

At the moment the latest version is CryptoPro CSP 4.0.9944. Run the installer, check "Install root certificates" and click "Install (Recommended)".

The CryptoPRO installation runs in the background, after which you will see a suggestion to restart the browser, but I advise you to reboot completely.

After rebooting, connect your JaCarta USB token. I have a network connection, from a DIGI device, via . In the Anywhere View client my JaCarta USB device is detected successfully, but as Microsoft Usbccid (WUDF); ideally it should be detected as JaCarta Usbccid Smartcard, but you need to check anyway, since everything may work as it is.

When I opened the "JaCarta PKI Unified Client" utility, the connected token was not found, which means that something is wrong with the drivers.

Microsoft Usbccid (WUDF) is the standard Microsoft driver, which is installed by default for various tokens; sometimes everything works with it, but not always. By default the Windows operating system installs it based on its own architecture and settings; for me personally this is not needed at the moment. So we need to uninstall the Microsoft Usbccid (WUDF) driver and install the drivers for the JaCarta media.

Open Windows Device Manager, find Smart card readers, click Microsoft Usbccid (WUDF) and select Properties. Go to the Driver tab and click Uninstall.

Agree to remove the Microsoft Usbccid (WUDF) driver.

You will be notified that the system must be restarted for the changes to take effect; be sure to agree.

After rebooting the system, you can see the ARDS JaCarta device and its drivers being installed.

Open Device Manager: you should see that your device is now detected as JaCarta Usbccid Smartcard, and if you go to its properties, you will see that the JaCarta smart card now uses driver version 6.1.7601 from ALADDIN R.D. ZAO, as it should.

If you open the JaCarta Unified Client, you will see your electronic signature, which means that the smart card has been identified correctly.

We open CryptoPRO and see that it still does not see the certificate in the container, although all the drivers are detected as needed. There is one more peculiarity.

  1. In an RDP session you will not see your token, only locally; this is how the token works, or I did not find how to fix it. You can try the troubleshooting steps for the "Unable to connect to the smart card management service" error.
  2. You need to uncheck one checkbox in CryptoPRO.

You MUST uncheck "Do not use outdated cipher suites" and reboot.

After these manipulations, CryptoPRO saw my certificate and the JaCarta smart card started working; you can sign documents.

You can also see your JaCarta device in Devices and Printers.

If, like me, your JaCarta token is attached to a virtual machine, you will have to install the certificate through the virtual machine console and also grant the responsible person rights to it. If it is a physical server, you will have to grant rights to the management port, which also provides a virtual console.

When you have installed all the drivers for JaCarta tokens, you may see an error message when connecting via RDP and opening the JaCarta PKI Unified Client utility, for one of the following reasons:

  1. The smart card service is not running on the local machine. Microsoft's RDP session architecture does not provide for the use of key carriers connected to the remote computer, so in the RDP session the remote computer uses the local computer's smart card service. It follows that starting the smart card service inside the RDP session is not enough for normal operation.
  2. The smart card management service on the local computer is started, but it is not available to the program inside the RDP session because of Windows and/or RDP client settings.

How to fix the "Unable to connect to smart card management service" error

  • Start the smart card service on the local machine from which you initiate the remote access session. Configure it to start automatically when the computer starts.
  • Allow the use of local devices and resources during the remote session (in particular, smart cards). To do this, in the "Remote Desktop Connection" dialog, select the "Local Resources" tab in the settings, then in the "Local Devices and Resources" group click the "Details..." button, and in the dialog that opens select the "Smart cards" item and click "OK", then "Connect".
  • Make sure the RDP connection settings are saved. By default, they are saved in the Default.rdp file in the My Documents directory. Check that this file contains the line "redirectsmartcards:i:1".
  • Make sure that the following group policy is not enabled on the remote computer to which you are making the RDP connection: [Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow smart card reader redirection]. If it is enabled (Enabled), disable it and restart the computer.
  • If you have Windows 7 SP1 or Windows 2008 R2 SP1 installed and you use RDC 8.1 to connect to computers running Windows 8 and above, you need to install the operating system update https://support.microsoft.com/en-us/kb/2913751
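
The checks above (which driver the reader uses, the local smart card service, the saved RDP settings and the redirection policy) can be read out with a short read-only PowerShell diagnostic. This is an added example, not part of the original article: the function names are hypothetical, and the service name SCardSvr and the policy registry value fEnableSmartCard are not given in the article and are assumptions here.

```powershell
# Added read-only diagnostic; function names are hypothetical.

# SERVER with the token attached: which driver is bound to each reader?
function Get-ReaderDriver {
    Get-CimInstance Win32_PnPSignedDriver -Filter "DeviceClass = 'SMARTCARDREADER'" |
        Select-Object DeviceName, DriverProviderName, DriverVersion,
            @{ Name = 'GenericDriver'   # true while the default Microsoft driver is in use
               Expression = { $_.DeviceName -like 'Microsoft Usbccid*' } }
}

# LOCAL machine that starts the RDP session: smart card service state.
function Get-SmartCardService {
    # SCardSvr is assumed to be the smart card service name (not from the article).
    Get-CimInstance Win32_Service -Filter "Name = 'SCardSvr'" |
        Select-Object Name, State, StartMode
}

# LOCAL machine: does the saved connection file redirect smart cards?
function Get-RdpSmartCardRedirect {
    param(
        [string]$Path = (Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Default.rdp')
    )
    if (-not (Test-Path -LiteralPath $Path)) { return 'file missing' }
    $value = $null
    # Get-Content honours the byte-order mark, so a UTF-16 .rdp file reads correctly.
    foreach ($line in Get-Content -LiteralPath $Path -Force) {
        if ($line -match '^\s*redirectsmartcards\s*:\s*i\s*:\s*(\d+)\s*$') {
            $value = $Matches[1]   # the last occurrence in the file wins
        }
    }
    if ($null -eq $value) { return 'not set' }
    if ($value -eq '1') { return 'enabled' }
    return 'disabled'
}

# REMOTE host: is "Do not allow smart card reader redirection" enforced?
function Test-SmartCardRedirectBlocked {
    # Assumed storage location of the policy; an absent value means "not configured".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $p = Get-ItemProperty -Path $key -Name fEnableSmartCard -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.fEnableSmartCard -eq 0)
}

# On the server:        Get-ReaderDriver; Test-SmartCardRedirectBlocked
# On the local machine: Get-SmartCardService; Get-RdpSmartCardRedirect
```

A reader still reported with GenericDriver set to True corresponds to the Microsoft Usbccid (WUDF) case described earlier; the other three functions map one-to-one onto the bullets of the checklist.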

This was the troubleshooting for setting up a JaCarta token with CryptoPRO on a terminal server for signing documents in VTB24 RBS. If you have comments or corrections, write them in the comments.
