Hardware and software setup


I told you how to install the Continent AP program on Windows 7. This program relies on certificates to establish a secure connection and exchange data with the Continent AP access server. In this article, I will try to tell you how to create a request for issuing a certificate for the Continent AP, as well as how to install this certificate into the program.

I will show everything with pictures, as always, though they were taken on a computer running Windows XP. So let's get started...

After installing the AP Continent, you should see a "gray shield" icon in your tray. If you right-click this "shield", a context menu will appear, as shown in the picture below:



Here you need to select the "Certificates" menu item, and then "Create a request for a user certificate". The following window will open (Fig. 2):



This form must be completed. Before doing so, do not forget to insert a clean key carrier: once the form is filled out, generation of the private keys begins, and it takes place on the removable key carrier. This can be, for example, a flash drive. If you are using Crypto PRO 3.6 or higher on your computer, flash drives are enabled there by default or, to be more precise, "All removable media" are. I do not consider generation on a key carrier of the "Registry" type, because it is prohibited in our UFK.


So, back to filling out the form (Fig. 2). As you can see, it consists of two blocks, which I circled in yellow. The upper block is intuitive (you need to fill in all the fields), so I will dwell on the lower one in more detail. First, check the "paper form" box; it is not set by default. The "Browse" buttons let you choose where to save the files. There will be two of them: *.req and *.html. The file names can be edited as you see fit, without changing the file extensions, of course.

By default, the program offers to save under the following name: the name of the computer on the network (I circled it in blue), the date and time the request was created. As you can see from the figure, the request was created on 12/10/2015 at 09:51:46 on a computer named "imyacompa". The last 3 characters are added randomly. They always consist of three digits and I did not notice any system in their generation.

It is worth noting that if you downloaded version 3.5.68.0 of the Continent AP program from my website, then most likely there is an old printable template. After installing this program, you need to change this template. This is relevant for our region, namely the Chelyabinsk region. Changing the printable template will only affect the printable in *.html format, it will not affect the *.req file.

If your region is using the old template, then you must follow the guidelines for your region. You can download the new template from the following link. If you are in our region, then before generating the keys and the certificate request, change the template in accordance with the instructions in the attached file.

So, having decided on the file names, you can start generating the certificate request by clicking the "OK" button. As mentioned above, we will get two files, *.req and *.html, as well as private keys on a flash drive or any other medium.

Next, you need to act in accordance with the procedure for submitting certificate requests that is in force in your UFK. Here, we print the *.html file on paper and have it signed by the owner of the certificate and the head of the organization. Then we send the paper copy and the *.req file on removable media to the Treasury and receive a certificate in return.

So, the request was sent to the UFK and we received a certificate. By the way, some time may pass between sending the request and receiving the certificate; it differs from case to case, but the main thing is to wait for the certificate. What's next? Next, we right-click the "shield" of the Continent AP and do what is shown in the figure below:



Namely: we go to "Certificates" again, and then "Install user certificate". The arrows in Figure 3 show what to do. Before that, insert the key carrier with the private keys obtained during generation, and have the certificate received from the UFK ready. I copied it to the key medium so that it is always at hand. You can do it your own way: copy it anywhere, as long as you can get to it during installation. By the way, along with the user certificate, our UFK also issues the root certificate of the Continent AP. During installation, this certificate must be located in the same directory as the user certificate. The figure below shows all this:



The Continent AP root certificate is the file root. This certificate is needed when installing Continent AP for the first time. After installing the user certificate, the program installs the root certificate if it is not already installed. Otherwise, it does nothing. But if the program does not find the root certificate the first time, there will be problems. Therefore, it is better to always keep it in the same directory as the user certificate.

Here (Figure 4), during installation, you must, of course, select the user certificate. I underlined it in the picture. The yellow folder contains the private keys obtained when the request was generated. There are six files with the *.key extension. By the way, these keys are standard for Crypto Pro 3.6; after all, it is this program that generates them. So, having selected the user certificate, click the "Open" button and get to the following picture:



The topmost line is the key container with the private keys. At this stage, we just have to point the program to the key container that corresponds to our certificate, namely the one that was generated when the certificate request was created. I will allow myself a small digression... Every EDS generated with Crypto Pro (you don't think the keys are generated by the Continent AP, do you?) consists of two parts:

  • a private key is a key container obtained during generation;
  • the public key is a certificate obtained from the treasury.

These parts connect (again, with Crypto Pro) only if they match. It is not difficult to conclude: if one of the parts is lost or damaged, then the entire EDS stops working. And it is impossible to correct this situation, except for the generation of a new EDS. There are ways to make a copy of the digital signature, but I will not touch on this in this article.

So, back to the matter at hand. In Figure 5, be sure to click on the top line with the key container, and then click "OK". After all this is done, you will see the following window:



Well, there is only "OK", there are no other ways ... Congratulations, the certificate is installed. It's time to test its performance. To do this, you need to do as the following picture tells us:



Right-click the "shield", go to "Establish / disconnect connection" -> "Establish connection Continent AP" and get to the following window:



Click where the red arrow points (Fig. 8). If you followed this instruction in the previous steps, then you will get at least one certificate. You must select exactly the one you just installed (see Figure 9):



Once selected, check the "Always use this certificate when connecting" checkbox. In this case, your AP Continent will connect to the server using the specified certificate. Otherwise (if the checkbox is not checked), it will prompt you to select a certificate each time you connect. To find out if the certificate was selected correctly, you can use the "Properties" button. It will show everything about the selected certificate. At the end, as always, the "OK" button. The process of connecting the AP Continent to the access server will begin. If everything is done correctly, then as a result you will see in the tray how the "shield" changed color from gray to blue:



If you got the same result as I did, then I am glad to congratulate you on the successful installation of the certificate for the Continent AP. After you have connected to the access server, you can download SUFD and start working in it.



Last revision: 10/23/2012
INSTRUCTIONS
for installation and configuration
of the Continent-AP software

I. General provisions

II. Preparation for installation of Continent-AP software

III. Installation of Continent-AP software

IV. Continent-AP connection setup

V. Setting up readers in CIPF CryptoPro CSP

VI. Creating Authentication Keys and Certification Request

VII. Installing certificates

VIII. Checking the secure communication channel

IX. Setting up additional workplaces


Abbreviations

ASFC – automated system of the Federal Treasury.

Agreement – an agreement on electronic document management concluded between a third-party organization and the UFK in the Udmurt Republic or territorially remote departments of the UFK in the Udmurt Republic.

Client – a third-party organization that has entered into the Agreement.

PO – software.

PPO – application software.

CIPF – means of cryptographic information protection.

SUFD – remote financial document management system.

SED – electronic document management system.

I. General provisions

1.1. This "Instruction for installing and configuring the Continent-AP software" (hereinafter referred to as the Instruction) is intended for users of the Continent-AP software (hereinafter referred to as the Continent-AP or Subscriber point). It contains information necessary for the user to install, configure and operate the Continent-AP software used when installing a secure communication channel between UFK in the Udmurt Republic and the Client.

1.2. The Continent-AP Software is provided to the Client under the Agreement.

1.3. The Continent-AP software is designed for secure data transmission over public (unprotected) networks. This technology is called a "virtual private network" (VPN). Data protection is provided by cryptographic methods, as a result of which data is transmitted through a public network in encrypted form. The Continent-AP software is installed on the Client's computer, which is connected to the specialized computer UFK in the Udmurt Republic - an access server that checks the access authorization and allows access to the resources of the secure network of the UFK in the Udmurt Republic.

1.4. For interaction between the Subscriber Station and the access server, the following certificates are used:

– access server certificate – for authentication of the access server;

– user certificate – for user authentication on the access server (user.cer file) – hereinafter, the authentication certificate;

– certificate of the root certification authority – to verify the authenticity of the user certificate and the access server certificate (file root.p7b).

1.5. This Instruction deals with working with Continent-AP version 3.5.x.

II. Preparation for installation of Continent-AP software

2.1. Before installing the Continent-AP software version 3.5.x, the CIPF CryptoPro CSP version 3.6 must be installed on the computer. Under the Agreement, the CIPF CryptoPro CSP version 3.6 is provided to the Client for temporary use by the UFK in the Udmurt Republic. The procedure for obtaining the CIPF CryptoPro CSP version 3.6 is posted on the official website of the UFK in the Udmurt Republic: www.udmurtia.rostreasury. en, section "Information for customers", subsection "Electronic signature". When installing the CryptoPro CSP version 3.6 software, use the custom installation of components and additionally select the "Compatibility with CryptoPro CSP 3.0" component for installation, and also make sure that the "Revocation Provider" component is not selected for installation.

2.2. To install on a computer with the MS Windows XP operating system (hereinafter - OS), select Continent-AP software version 3.5.67, and for MS Windows 7 OS - software version 3.5.68.

2.3. If the Continent-AP software is installed on a computer running MS Windows 2000, it may be necessary to install additional OS updates. To install, select Continent-AP software version 3.5.67.

2.4. All software installation operations described in section II must be performed on the computer by a user with administrator rights.

III. Installation of Continent-AP software

3.1. Installation of the Continent-AP software on a computer must be carried out by a user with administrator rights.

3.2. To install Continent-AP software version 3.5.x, find the file setup.exe in the Continent-AP distribution package and run it.

3.3. The installer will start executing preparatory actions, and a message will appear on the screen. After completing the preparatory steps, the start dialog of the installation wizard will be displayed on the screen. Click the "Next >" button.

3.4. When the license agreement appears, read it, accept its terms (Fig. 1) and click the "Next >" button.

Fig. 1

3.5. A window for selecting the folder where Continent-AP will be installed will appear (Fig. 2). The default installation folder for the software can be changed using the "Change…" button. After selecting a folder, click the "Next >" button.

Attention! For the correct joint operation of the Continent-AP software and the SED software, it is necessary to install Continent-AP strictly in the default folder - "C:\Program Files\SecurityCode\ClientContinent".

Fig. 2

3.6. When the window for selecting the type of installation appears (Fig. 3), select "Custom" and click the "Next >" button.

Fig. 3

3.7. A window for selecting installation components will open (Fig. 4). In this window, exclude the Firewall component from the installation: left-click the icon next to the name of the component and select "This component will not be available". As a result, the Firewall component will look as shown in Fig. 5. Click the "Next >" button.

Fig. 4

Fig. 5

3.8. When the IP address of the access server is requested (Fig. 6), leave the value "0.0.0.0" unchanged and click the "Next >" button.

Fig. 6

3.9. A window will appear with a warning about the need for positive answers to all warnings that may appear during the installation of the program (Fig. 7). Click the "Install" button.

Fig. 7

3.10. Installation of the program and the required drivers will start. During the installation, windows may appear warning that the software being installed has not been tested for compatibility with the operating system used (Fig. 8). Be sure to click the "Continue Anyway" button.

Fig. 8

3.11. The completion of the installation of the program will be indicated by the window shown in Fig. 9. Click the "Done" button.

Fig. 9

3.12. After installing the Continent-AP software, you must restart your computer. After the OS is loaded, the icon of the Subscriber Station management program will be displayed in the notification area (in the lower right corner of the screen) in the form of a gray shield with the letters "AP" (Fig. 10).

Fig. 10

3.13. In order to correctly generate applications for the production of authentication certificates, it is necessary to replace the application template file. To do this, copy the application template file request.xsl into the installation folder of the Continent-AP software, overwriting the existing file (for software version 3.5.67, the folder "C:\Program Files\SecurityCode\ClientContinent\"). The template file is located in the folder with the installation files of the Continent-AP software.

IV. Continent-AP connection setup

4.1. When installing the Continent-AP software on a computer, a connection with the same name "Continent-AP" is automatically created. For the correct operation of the Subscriber Station, it is necessary to configure the specified connection. The connection is configured by a user with administrative rights.

4.2. To configure the connection, right-click on the icon of the control program for the Subscriber Station (the icon in the form of a shield with the letters "AP" in the lower right corner of the screen) and in the appeared context menu select the item "Settings → Continent-AP" (Fig. 11).

Fig. 11

4.3. The "Continent-AP" connection properties window will open. In this window, on the General tab (Fig. 12), in the "Phone number:" field enter the IP address "78.109.112.138", or "10.13.253.21" if the "ufkras" connection is additionally used to connect to the access server.

Fig. 12

4.4. Then select the "Network" tab (Fig. 13). In this tab, in the "Components used by this connection:" field, uncheck all components except "Internet Protocol (TCP/IP)", "QoS Packet Scheduler", "Continent3 Filter Driver". Click the OK button to complete the connection setup.

Fig. 13

V. Setting up readers in CIPF CryptoPro CSP

5.1. The set of readers and storage media used when working with authentication keys for the Continent-AP software is configured in the CIPF CryptoPro CSP (hereinafter referred to as the CryptoPro software).

5.2. Before you start generating authentication keys, make sure that the necessary (planned for use) readers and media are added to the CryptoPro software. To do this, open the control panel (Start → Settings → Control Panel) and open the "CryptoPro CSP" snap-in in it (Fig. 14).

Fig. 14

5.3. The "CryptoPro CSP" window will open (Fig. 15) (the instructions below are for CryptoPro version 3.6). In this window, select the "Hardware" tab and click the "Configure readers…" button. A window with a list of installed readers will appear (Fig. 16). If the list does not contain the required readers, then you will need to add them. In this case, the addition must be performed under a user account that has administrative rights on this computer.

Fig. 15, Fig. 16

5.4. To add the required reader, in the "Manage readers" window click the "Add…" button (Fig. 16). The "Reader Installation Wizard" window will open; in it, click the "Next >" button.

5.5. In the window that appears (Fig. 17), select the required reader from the available readers and click the "Next >" button.

Fig. 17

5.6. In the window that appears (Fig. 18), leave the "Reader name:" field unchanged and click the "Next >" button.

Fig. 18

5.7. As a result, a window will appear with a message about the completion of the reader installation wizard (Fig. 19). Click the Done button. As a result, a new reader will be added to the list of installed readers (Fig. 16). Close the "Manage readers" window (Fig. 16) by clicking the "OK" button. Close the "CryptoPro CSP" window (Fig. 15) by clicking the "OK" button.

Fig. 19

VI. Create Authentication Keys and Certification Request

6.1. For authorization on the UFK access server for the Udmurt Republic, the user must have a private authentication key and a public key certificate. All actions for creating authentication keys and a request for certification are carried out on a computer under the account of the user who will subsequently perform authorization on the UFK access server in the Udmurt Republic.

6.2. Right-click on the icon of the control program for the Subscriber Point (the icon in the form of a shield with the letters "AP" in the lower right corner of the screen) and in the context menu that appears, select the item "Certificates → Create a request for a user certificate ..." (Fig. 20).

Fig. 20

6.3. The form shown in Fig. 21 will open. All fields are mandatory, except for the "Description" field, which is not filled in. In this form, the fields "Employee name:", "Organization:", "Department:" have a number of restrictions. The string length of each field cannot exceed 64 characters. When filling in these fields, quotes, commas, semicolons, "+" signs cannot be used.

Fig. 21

6.4. In the "Employee name:" field, indicate the full name of the Client (this field corresponds to the field "common name of the organization" in the application). If the name of the Client exceeds 64 characters, abbreviate it using understandable abbreviations (for example, "Municipal educational institution" - MOU, "secondary school" - SOSH, "State public institution" - GKU, "Municipal education" - MO, etc.). If the Client has more than one Continent-AP workstation, for example, the Client acts as an "Income Administrator" and a "Recipient of Budgetary Funds", etc., then after the name it is necessary to add, respectively, "(AWP AP)", "(AWP PBS)", etc.

6.5. In the "Organization:" field, indicate the full name of the Client, taking into account the restrictions imposed on the field.

6.6. In the "Department:" field, indicate the name of the subdivision (department) carrying out the exchange of electronic documents with the UFK in the Udmurt Republic. If the organization does not have a division into departments, then put a dash (the "-" sign).

6.7. In the "Region:" field, indicate "Udmurt Republic".

6.8. In the "City:" field, enter the name of the respective city. For other localities of the republic, it is required to indicate the type and name of the locality and the district of the republic, separated by a dot.

6.9. In the "Country:" field, select "RU".

6.10. In the "E-mail:" field, enter the Client's email address. It is advisable to indicate addresses related to the Client's corporate domains, for example, roskazna.ru, minfin.ru, etc., and not on public domains: gmail.com, mail.ru, rambler.ru, etc.

6.11. The "Electronic form:" field will display the name of the request file for the authentication certificate (file with extension .req) and the folder where it will be saved. The folder for saving the request file can be selected using the "Browse ..." button. It is recommended to create a folder "Continent-AP" and a subfolder for the current year on a non-system disk (disk D, E, etc.); if necessary, additional folders "AP", "PBS", etc. can be created.

6.12. Be sure to check the box next to "Paper form:". This field will display the file name of the application for the authentication certificate (file with the extension .html) and the folder where it will be saved. The folder for saving the application file can be selected using the "Browse ..." button. It is recommended to save the application file in the same folder as the request file.

6.13. After filling in the required form fields, click the "OK" button.
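The field restrictions in paragraphs 6.3 to 6.10 can be checked before the form is submitted. The following is an added example, not part of the Instruction or of the Continent-AP software; the dictionary keys, the set of quote characters treated as forbidden, and the sample values are assumptions made for illustration.

```python
"""Pre-check of certificate request form values against paragraphs 6.3-6.10.

Added example; field keys and sample data are constructed for illustration.
"""

MAX_LEN = 64                        # 6.3: length limit for the restricted fields
# 6.3: quotes, commas, semicolons and "+" are not allowed.
# Which quote characters count is an assumption: ASCII and typographic ones.
FORBIDDEN = set("\"',;+«»“”„")
RESTRICTED = ("employee_name", "organization", "department")
REQUIRED = RESTRICTED + ("region", "city", "country", "email")
PUBLIC_MAIL_DOMAINS = {"gmail.com", "mail.ru", "rambler.ru"}   # examples from 6.10


def check_request_fields(fields):
    """Return (errors, warnings) for a dict of form values."""
    errors, warnings = [], []

    # 6.3: every field except "Description" is mandatory.
    for name in REQUIRED:
        if not fields.get(name, "").strip():
            errors.append(f"{name}: field is mandatory")
    if fields.get("description", ""):
        errors.append("description: must be left empty")

    # 6.3: length and character restrictions on three fields.
    for name in RESTRICTED:
        value = fields.get(name, "")
        if len(value) > MAX_LEN:
            errors.append(f"{name}: {len(value)} characters, limit is {MAX_LEN}")
        bad = sorted(set(value) & FORBIDDEN)
        if bad:
            errors.append(f"{name}: forbidden characters {' '.join(bad)}")

    # 6.7 and 6.9: fixed values.
    region = fields.get("region", "")
    if region and region != "Udmurt Republic":
        errors.append('region: expected "Udmurt Republic"')
    country = fields.get("country", "")
    if country and country != "RU":
        errors.append('country: expected "RU"')

    # 6.10: a corporate address is advisable, a public one only draws a warning.
    email = fields.get("email", "").strip()
    if email:
        local, sep, domain = email.rpartition("@")
        if not (sep and local and "." in domain):
            errors.append("email: not a valid address")
        elif domain.lower() in PUBLIC_MAIL_DOMAINS:
            warnings.append(f"email: {domain} is a public domain, "
                            "a corporate address is advisable")
    return errors, warnings


# Constructed sample values (not real organizations).
SAMPLE_OK = {
    "employee_name": "MOU SOSH No. 1 (AWP PBS)",
    "organization": "Municipal educational institution secondary school No. 1",
    "department": "-",              # 6.6: dash when there are no departments
    "region": "Udmurt Republic",
    "city": "Izhevsk",
    "country": "RU",
    "email": "buh@school1.example",
    "description": "",
}
SAMPLE_BAD = dict(
    SAMPLE_OK,
    employee_name='MOU "SOSH No. 1", Izhevsk',                       # quotes, comma
    organization="Municipal educational institution " * 2 + "No. 1",  # 73 characters
    department="",                                                    # left empty
    email="school1@mail.ru",                                          # public domain
)

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        errs, warns = check_request_fields(sample)
        print(label, "errors:", errs, "warnings:", warns)
```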

6.14. A window for selecting a key medium will appear (Fig. 22). This medium will be used for storing the private authentication key and will later be used to establish a connection with the UFK access server in the Udmurt Republic. When using a "flash drive" as a key carrier, insert a blank "flash drive" into the computer, in the "Devices:" field select "Drive: E" (if the "flash drive" was defined in the system under the letter "E"; in your case it may be any other letter) and click the "OK" button.

Attention! It must be remembered that key media are information carriers for official use, and when storing and using them, it is necessary to comply with the requirements set forth in the Rules for the use of the CIPF "Continent-AP", as well as the requirements of the Instruction on organizing and ensuring the security of storage, processing and transmission through communication channels, using means of cryptographic protection, of information with limited access that does not contain information constituting a state secret, approved by order of the Federal Agency for Government Communications and Information under the President of the Russian Federation dated June 13, 2001 No. 152.

Fig. 22

6.15. If the biological random number generator is set up in the CryptoPro software, then after selecting the key carrier, the random number generator window will appear (Fig. 23). Arbitrarily move the mouse and press keys.

Fig. 23

6.16. A window will appear asking you to set a password for the key container being created (Fig. 24). Set the desired password and click OK. The password must be remembered or written down and stored so that it is not disclosed.

Fig. 24

6.17. As a result, a key container with a name in the format "username"_"date of creation"_"time of creation" will be created on the medium selected in paragraph 6.14 ( ). A message will be displayed on the screen indicating that the request was successfully created. In the folder specified in paragraphs 6.11-6.12, a request file will be created ( username_DD_MM_YYYY__HH_MM_SS.req) and an authentication certificate application file ( ).

6.18. Print an application for an authentication certificate (from file username_DD_MM_YYYY__HH_MM_SS.html) and fill it out.

6.19. The request file for an authentication certificate and an application, as well as other necessary documents, are transferred to authorized persons on issues of secure electronic document management in the UFK in the Udmurt Republic in accordance with the established procedure.

6.20. After positive verification and processing of documents, the Client receives a user authentication certificate (file user.cer) and the certificate of the root CA (file root.p7b). These files should be kept in case you need to reinstall the software and/or the certificates themselves. After receiving the certificates, it is recommended to save them to the folder specified in clause 6.11.

VII. Installing certificates

7.1. The certificates are installed on the computer under the account of the user who will carry out further authorization on the UFK access server in the Udmurt Republic.

7.2. To install a user authentication certificate, right-click on the icon of the Subscriber Point management program (the icon in the form of a shield with the letters "AP" in the lower right corner of the screen) and select "Certificates → Install user certificate" in the context menu that appears (Fig. 25).

Fig. 25

7.3. A standard Explorer window will open to search for a file (Fig. 26). In this window, find the folder where you copied the certificate files. Select the file user.cer and click the "Open" button.

Fig. 26

7.4. A window for selecting a key container will appear (Fig. 27). If the key container was created on removable media and this media is not currently inserted into the computer, then insert it and click the Update button. The container selection window should display all available key containers. Select the container that was created in paragraph 6.17 (username_DD_MM_YYYY__HH_MM_SS) and click OK.

Fig. 27

7.5. If an error message appears with the text “Invalid vendor public key” (Fig. 28), then you either selected the wrong certificate file in section 7.3, or selected the wrong key medium in section 7.4. In this case, click the "OK" button and repeat the steps described in paragraphs 7.2-7.4.

Fig. 28

7.6. If the certificate of the root certification authority of the UFK access server in the Udmurt Republic has never been installed at this workplace before, a window will appear asking you to install the root certificate (Fig. 29). Click the "Yes, automatically" button.

Fig. 29

7.7. As a result, the installation of the certificate of the root certification authority will begin from the file root.p7b, found next to the user's authentication certificate file user.cer. A security warning will be displayed on the screen (Fig. 30). Be sure to click the "Yes" button.

Fig. 30

7.8. The completion of the certificate installation will be indicated by a message about the successful completion of the user certificate import (Fig. 31). Click the OK button.

Fig. 31

7.9. If Continent-AP was set to always use one authentication certificate, then in the future it may be necessary to reconfigure Continent-AP to use another authentication certificate (in particular, when changing authentication keys). To make the authentication certificate selection window reappear, do the following:

7.9.1. Right-click on the icon of the control program for the Subscriber Station and select the "Authentication Settings → Continent-AP" item in the context menu that appears (Fig. 32).

Fig. 32

7.9.2. The authentication settings window will appear (Fig. 33). In this window, click the "Reset memorized certificate" button and then the "OK" button. As a result, the next time you try to establish a connection with the access server, an authentication certificate selection window will be displayed (Fig. 34).

Fig. 33

Fig. 34

VIII. Checking the secure communication channel

8.1. If there are firewalls or other equipment that filters IP packets on the network path between the Subscriber Station (hereinafter referred to as AP) and the access server (hereinafter referred to as SD), it is necessary to allow packets for the following connections to pass through the following ports:

8.2. The SD can be accessed either with the use of an additional network connection "ufkras" or without it. If you use the “ufkras” connection during network interaction, then you need to connect it. For all questions related to the “ufkras” network connection (creation, configuration, etc.), please contact the information systems department.

8.3. Initially, it is necessary to check the open communication channel.

8.3.1. To do this, in the "Start" menu, select the "Run ..." item (Fig. 35). The "Starting the program" window will open (Fig. 36). In this window, in the "Open:" field type the command "cmd" and click the "OK" button.

Fig. 35, Fig. 36

8.3.2. The command line application window will appear (Figure 36). In this window, type the command "ping 78.109.112.138" or "ping 10.13.253.21" (if the "ufkras" network connection is used) and press the Enter key. If the SD of the UFK for the Udmurt Republic is available, then the result of the command will be approximately the same as in Fig. 37 (numerical values may differ from those given in the example). Close the command line application window by clicking the cross in the upper right corner of the window.

Fig. 37

8.4. After successfully checking the open communication channel, run the ChannelChecker.exe utility (Fig. 38). The utility is located in the folder with the installation files of the Continent-AP software, in the Tools folder.

Fig. 38

8.4.1. Leave the Port field unchanged (the default value is 7500).

8.4.2. In the "Timeout, s" field, enter the value 10.

8.4.3. In the "Server IP address" field, specify the address of the SD, the interaction with which is being tested - 78.109.112.138 (10.13.253.21 - when connecting using "ufkras").

8.4.4. Leave the Server Port field unchanged (the default value is 4433).

8.4.5. Do a test. Testing is carried out with a broken connection Continent-AP. The test result will be displayed in a message box:

– if the connection between the AP and the DS was successfully established, the message “Test completed successfully” will appear;

– if within the period of time specified in the “Timeout” field, no response is received from the SD, the message “Timeout has expired” will appear;

– if the error message “Error Normally one use of the socket address (protocol / network address / port)” appears during testing, then you need to check if it is trying to this moment Continent-AP software establish a connection - in this case, manually disconnect the connection and try again testing.

8.4.6. If the message "Timeout expired" appears:

1) check that the fields are filled in correctly;

2) if the fields are filled in correctly, change the value in the "Port" field to 7501 and test again; if the test is successful, go to paragraph 8.5 of this manual;

3) if the message "Timeout expired" appears again, test using port 7502; if the test is successful, go to paragraph 8.5 of this manual.
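
The checks in 8.3 to 8.4.6 can be prepared with a short script. The following PowerShell is an added example, not part of the original manual or of the Continent-AP software: it pings the access server address and reports which of the local UDP ports 7500 to 7502 are already bound on the workstation, the condition behind the "socket address" error in 8.4.5. The function name, parameter names and the ping timeout are assumptions.

```powershell
# Added example, not part of the original manual. Names are illustrative.
# Addresses and ports are the ones quoted in steps 8.3.2 and 8.4.1-8.4.6.

function Test-ApPreflight {
    param(
        # Default address from 8.3.2; pass 10.13.253.21 for the "ufkras" connection.
        [string]$ServerAddress = '78.109.112.138',
        # Local UDP ports the manual tries in order.
        [int[]]$LocalPort = @(7500, 7501, 7502),
        # Per-echo timeout in milliseconds (assumption; the manual gives none for ping).
        [int]$PingTimeoutMs = 4000
    )

    # Step 8.3.2: four ICMP echo requests, like a default "ping" run.
    $ping = New-Object System.Net.NetworkInformation.Ping
    $replies = 0
    try {
        foreach ($i in 1..4) {
            try {
                $r = $ping.Send($ServerAddress, $PingTimeoutMs)
                if ($r.Status -eq [System.Net.NetworkInformation.IPStatus]::Success) {
                    $replies++
                }
            } catch {
                # Send() throws when no interface or route is available;
                # treat that as a lost echo and keep going.
            }
        }
    } finally {
        $ping.Dispose()
    }

    # Step 8.4.5: a local UDP port that another process has already bound
    # gives the "socket address" error instead of a real test result.
    $ipProps    = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $boundPorts = @($ipProps.GetActiveUdpListeners() | ForEach-Object { $_.Port })

    $portState = foreach ($p in $LocalPort) {
        New-Object PSObject -Property @{
            LocalUdpPort = $p
            InUse        = ($boundPorts -contains $p)
        } | Select-Object LocalUdpPort, InUse
    }

    # First port from the list that nothing on this machine has bound.
    $firstFree = ($portState | Where-Object { -not $_.InUse } |
                  Select-Object -First 1).LocalUdpPort

    New-Object PSObject -Property @{
        ServerAddress   = $ServerAddress
        EchoReplies     = "$replies of 4"
        ServerReachable = ($replies -gt 0)
        LocalPorts      = $portState
        FirstFreePort   = $firstFree
    } | Select-Object ServerAddress, EchoReplies, ServerReachable, FirstFreePort, LocalPorts
}

# Usage: summary first, then the per-port table.
$result = Test-ApPreflight
$result | Format-List ServerAddress, EchoReplies, ServerReachable, FirstFreePort
$result.LocalPorts | Format-Table -AutoSize
```

A free local port only rules out the address-in-use error; whether the provider passes traffic on that port is still decided by the ChannelChecker test itself.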

8.5. Open the "Device Manager" (Fig. 39) (right-click on the "My Computer" icon, select the "Computer Management" menu item) and, under "Network adapters", find "Continent 3 PPP Adapter". In the properties of the adapter, on the "Advanced" tab, change the value in the "UDP Port" field from the default 7500 to the required value and click the "OK" button (Fig. 40).

Fig. 39

Fig. 40

8.6. You may also need to check the type of remote access server you are connecting to. To do this, open the "Continent-AP" network connection properties and go to the "Network" tab: "Type of connected remote access server:" should be "PPP: Windows 95/98/NT 4/2000, Internet".

8.7. Upon successful verification of the availability of the UFK SD for the Udmurt Republic, right-click on the icon of the AP management program (the icon in the form of a shield with the letters "AP" in the lower right corner of the screen) and, in the context menu that appears, select the item "Establish / disconnect connection → Establish connection Continent-AP" (Fig. 41).

Fig. 41

8.8. A window will appear for selecting a certificate to be used when connecting (Fig. 34).

Fig. 34

8.9. In the "User Certificate:" field, click the drop-down icon. A list of all personal certificates installed on this workstation will be displayed. In this list, you must select the authentication key certificate issued to your organization (Fig. 42).

Fig. 42

8.10. To check whether you have selected the correct certificate, click the "Properties" button in the certificate selection window (Fig. 34). The properties window for the selected certificate will open (Fig. 43). In this window, the "Issued to:" field must show the code name of your organization, and the "Issued by:" field must show the name of the root certification authority of the UFK access server in the Udmurt Republic (CA-SD13-root). The validity period of the certificate must also be correct. After checking these parameters, click the "OK" button in the certificate properties window.

Fig. 43
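
The manual check from 8.10 can also be done for every installed certificate at once. The following PowerShell is an added example, not part of the original manual or of the Continent-AP software: it lists the certificates in the current user's "Personal" store whose issuer matches the root CA name given above and reports who they were issued to, their validity state, key usage and whether a key container is attached. The function name, parameter names and the 30-day warning threshold are assumptions.

```powershell
# Added example, not part of the original manual. Names are illustrative.

function Get-ApCertificateReport {
    param(
        # Issuer name quoted in step 8.10; change it for another access server.
        [string]$IssuerPattern = '*CA-SD13-root*',
        # Assumption: flag certificates that expire within this many days.
        [int]$WarnDays = 30
    )

    $now    = Get-Date
    $kuType = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]

    # "Certificates - current user" -> "Personal" -> "Certificates"
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Issuer -like $IssuerPattern } |
        ForEach-Object {
            $cert = $_

            # Validity window, compared with the local system clock.
            # A wrong system date makes a good certificate look invalid.
            if     ($now -lt $cert.NotBefore)                   { $validity = 'NotYetValid' }
            elseif ($now -gt $cert.NotAfter)                    { $validity = 'Expired' }
            elseif ($now.AddDays($WarnDays) -gt $cert.NotAfter) { $validity = 'ExpiresSoon' }
            else                                                { $validity = 'Valid' }

            # Key usage extension, if the certificate carries one.
            $ku = $cert.Extensions | Where-Object { $_ -is $kuType }
            if ($ku) { $keyUsage = $ku.KeyUsages.ToString() } else { $keyUsage = 'not present' }

            New-Object PSObject -Property @{
                IssuedTo      = $cert.Subject
                IssuedBy      = $cert.Issuer
                NotBefore     = $cert.NotBefore
                NotAfter      = $cert.NotAfter
                Validity      = $validity
                KeyUsage      = $keyUsage
                # True means the store entry references a key container.
                # It does not prove that the removable key media is inserted.
                HasPrivateKey = $cert.HasPrivateKey
                Thumbprint    = $cert.Thumbprint
            } | Select-Object IssuedTo, IssuedBy, NotBefore, NotAfter,
                              Validity, KeyUsage, HasPrivateKey, Thumbprint
        }
}

# Usage: an empty result means no certificate from that issuer is installed.
Get-ApCertificateReport | Format-List
```

More than one row with the same "IssuedTo" value usually means an old certificate was left in the store; the one to select in 8.9 is the row with Validity "Valid" and HasPrivateKey "True".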

8.11. If the certificate is selected correctly, click the "OK" button in the certificate selection window (Fig. 34). If the connection is being made for the first time, a warning will be displayed that the UFK access server is not on the list of allowed servers, together with an offer to add it to the list (Fig. 44). In this case, click the "Yes" button.

Fig. 44

8.12. After that, an attempt will be made to read the private authentication key from the key container. If the key container was created on removable media and this media is not currently inserted into the computer, you will be prompted to insert the key media. When the key has been read and the connection established, the icon of the AP control program (the icon in the form of a shield with the letters "AP" in the lower right corner of the screen) will change its color from gray to blue (Fig. 45). From then on, a blue icon indicates that the connection with the SD of the UFK in the Udmurt Republic is currently established.

Fig. 45

8.13. For successful work with the software "ASFC (SUFD)" (hereinafter referred to as the SUFD portal) or the software "SED" through the Continent-AP, the SUFD portal or the UFK FTP server for the Udmurt Republic must be available after a connection with the SD of the UFK in the Udmurt Republic has been established (the icon of the AP control program is blue). To check the availability of the UFK SUFD portal for the Udmurt Republic, select the "Run ..." item in the "Start" menu (Fig. 35). The "Run" window will open (Fig. 36). In this window, type the command "cmd" in the "Open:" field and click the "OK" button.

8.14. The command line application window will appear (Figure 46). In this window, type the command "ping 10.13.200.12" to check the availability of the SUFD portal or "ping 10.13.1.10" to check whether the FTP server is available, and press the Enter key. If the SUFD portal or FTP server of the UFK for the Udmurt Republic is available, the result of the command will be approximately as shown in Fig. 46 (numerical values may differ from those shown in the example). Close the command line application window by clicking the cross in the upper right corner of the window.

Fig. 46

8.15. After checking the availability of the SUFD portal or FTP server of the UFK in the Udmurt Republic, disconnect from the SD: right-click on the icon of the AP control program and select the item "Set / disconnect connection → Disconnect Continent-AP connection" in the context menu that appears (Fig. 47). The AP control program icon will change its color from blue to gray.

Fig. 47

8.16. If the connection check was successful, it is recommended to configure the Continent-AP software to permanently use the selected authentication certificate. To do this, follow the steps described in paragraphs 8.7-8.10. After that, in the certificate selection window (Fig. 48), check the box "always use this certificate when connecting" and click the "OK" button. A connection will be established with the UFK SD for the Udmurt Republic (the AP control program icon will change its color from gray to blue). As a result, when connecting to the UFK SD in the Udmurt Republic, the selected authentication certificate will always be used, and the certificate selection window will not appear.

Fig. 48

IX. Setting up additional workplaces

9.1. When more than one workplace has to work with the SUFD portal or EDMS software through a single workstation (or server) with the Continent-AP software installed, additional settings are required.

9.2. Legend:

1) Server - an automated workplace (hereinafter referred to as ARM) with the Continent-AP software installed.

2) Client - an additional workstation with a SUFD portal or EDMS software.

9.3. Settings on the Server.

9.3.1. Check if the Windows Firewall/Internet Connection Sharing (ICS) service is running, if not, start it.

9.3.2. Open "Network connections"; in the connection properties of the Continent-AP, on the "Advanced" tab, check the box "Allow other network users to use this computer's Internet connection".

9.4. Settings on the Client.

9.4.1. Add a route from the Client to the "SUFD portal" (or FTP server) through the Server using the command line (cmd.exe):

route add 10.13.200.12 mask 255.255.255.255 "Server_IP_address"

9.5. Check the connection from the Client (the Continent-AP connection must be established on the Server at this time) using the command line (cmd.exe):

ping 10.13.200.12

9.6. If the connection check succeeds, repeat the route adding command with the “-p” switch using the command line (cmd.exe):

route add 10.13.200.12 mask 255.255.255.255 "Server_IP" -p

9.7. When several Clients are used, the settings from clause 9.4 must be carried out on every workstation.
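
Steps 9.4.1 to 9.6 as one script for the Client. This is an added example, not part of the original manual: it adds the temporary host route, pings the portal through it, and makes the route persistent only when the ping succeeded. The function and parameter names are assumptions; the script uses the documented "route -p add" switch order, and removing the temporary route before the persistent one is added is a choice made here, not a step from the manual.

```powershell
# Added example, not part of the original manual. Names are illustrative.
# Run from an elevated prompt: changing the routing table needs
# administrator rights.

function Add-VerifiedHostRoute {
    param(
        # LAN address of the Server ("Server_IP_address" in 9.4.1).
        [Parameter(Mandatory = $true)]
        [string]$Gateway,
        # SUFD portal by default; use 10.13.1.10 for the FTP server.
        [string]$Destination = '10.13.200.12'
    )

    # Refuse anything that is not an IP address before touching the table.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Gateway, [ref]$ip)) {
        throw "Gateway '$Gateway' is not a valid IP address."
    }

    $mask = '255.255.255.255'

    # 9.4.1: temporary host route, lost at the next reboot.
    & route.exe add $Destination mask $mask $Gateway | Out-Null

    # 9.5: the Continent-AP connection must be up on the Server
    # for these echo requests to be answered.
    $reachable = Test-Connection -ComputerName $Destination -Count 4 -Quiet

    # Remove the temporary entry in both cases: an untested route is not
    # left behind, and the persistent add below does not collide with it.
    # Note: this deletes every route to $Destination, old persistent ones too.
    & route.exe delete $Destination | Out-Null

    $listed = $false
    if ($reachable) {
        # 9.6: same route again, this time stored across reboots.
        & route.exe -p add $Destination mask $mask $Gateway | Out-Null

        # Confirm from the routing table instead of trusting the exit code.
        $table  = & route.exe print $Destination | Out-String
        $listed = $table -match [regex]::Escape($Gateway)
    }

    New-Object PSObject -Property @{
        Destination = $Destination
        Gateway     = $Gateway
        Reachable   = $reachable
        RouteListed = $listed
    } | Select-Object Destination, Gateway, Reachable, RouteListed
}

# Usage (192.168.0.10 is a constructed sample address for the Server):
# Add-VerifiedHostRoute -Gateway 192.168.0.10
```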

The system of cryptoprotection of information Continent-AP from the developer "Security Code" is a software and hardware complex that provides remote access to the networks of large municipal organizations such as GAS "Vybory" and the Federal Treasury. To update the CIPF "Continent-AP", the previous version of the program must be completely removed from the computer; otherwise, the installation of the new software will not be possible because of conflicts with the system.

Work in the program

Continent-AP provides users with such opportunities as:

  • secure access via RDP to computers and portable devices using a special cryptographic algorithm certified in accordance with GOST 28147-89 (operating in gamma mode with feedback);
  • the creation of a multi-stage authentication algorithm for remote users based on X.509 standard public key certificates, which ensures a high degree of security of data transmitted within the HSC;
  • support for external VPN clients for Linux and Windows, including electronic keys Token, iKey, iButton identifiers, floppy disks and flash drives;
  • communication with the Continent system from mobile devices and stationary PCs at speeds up to 16 Mb per second;
  • much more.

To access the CIPF, you must use valid certificates of the root CA:

  • cer - the user certificate;
  • p7b - the root certificate.

In order to install a root certificate, you need to:

  1. Unzip the file with certificates to a key drive - this can be a disk, flash drive or other removable media with a key container holding the private keys, which are generated by employees of the relevant authorized agency when the request for a user certificate is created. The key container is a folder containing files such as "header.key", "masks.key", etc.
  2. Install the certificate in the "Storage" on the PC. To do this, find the shield icon with the inscription "AP" in the tray on the Windows taskbar - it is usually located in the lower right corner of the monitor, next to the time and date.
  3. If the application is not in the tray, launch it from the Start menu. Select the "Start" - "Programs" section of the menu, go to the "Security Code" subsection, then to the "Continent Subscriber Point" folder, and click on the "Control Program" icon.
  4. In the context menu that opens, go to the “Certificates” section and select “Install user cert.” in the drop-down list.
  5. Go to "Explorer" - press the combination Win + E and open the removable media that stores the certificate files and the key container.
  6. Select the "user.cer" file and click "Open".
  7. In the dialog box that opens, the inscription "Select a key container ..." will appear - click on the name of the key container. After the element is highlighted in blue, click "OK".
  8. When the CryptoPro CSP window appears, enter the access password for the specified container and click "OK". The password is issued to the user who generated the request for a certificate. If the password has been forgotten or lost, you will need to generate a new request for a key and revoke the current certificate.
  9. A dialog box will appear in which you need to click "Yes, manually".
  10. Now you need to load the certificate called "root.p7b" - go to the removable media in Explorer, right-click the object and select the "Open" context menu option.
  11. Read the text presented in the "Security Warning" window, then click the "Yes" button.
  12. The screen will display “User cert. import completed successfully."
  13. After pressing the "OK" button, you can connect to the access server.

To delete certificates in Continent-AP, you will need to perform the following operations:

  1. Right-click on the shield icon in the tray on the bottom toolbar: go to the "Settings" context menu item and select the "Continent-AP CIPF" section.
  2. In the "CIPF Continent-AP Properties" dialog box that opens, go to the "Security" tab.
  3. In the "Advanced (Custom Options)" section, click the "Options..." button.
  4. In the "Advanced security settings" menu that opens, under "Secure Entry", click "Properties".
  5. A dialog box will open, on the left side of which is the element "Server Dostupa", and on the right - "CA SD" (a specific user may have other key names). To remove the specified certificates, click the "Reset memorized certificate" button located in the lower right part of the open window, then click "OK" and exit "Settings".
  6. Now you need to completely remove the Continent-AP “.cer” format file from the key storage. To do this, in Windows 7, open the "Run" window by pressing the Win + R keys or through the "Start" menu - "Run". In version 10 of the operating system, click on the magnifying glass icon located in the lower left corner of the display to the right of the Start menu and enter the Run command, or press the Win + R combination.
  7. Type the command "certmgr.msc" without quotes, then press "Enter".
  8. If an error like “Unable to find.msc” appears, perform the following 7 steps; if there is no error, go directly to paragraph 18 of the current instruction.
  9. In the "Run" window, enter the command "mmc" without quotes and click "OK".
  10. In the "Console" window, go to the leftmost item of the "File" menu and, in the drop-down list, select the fifth item - "Add or remove snap-in".
  11. In the dialog box that opens, go to the "Isolated Snap-in" tab and click the "Add" button located in the lower left corner of the screen.
  12. The monitor will display a list of available snap-ins. Click "Certificates", and at the bottom of the "Add isolated snap-in" window, click the "Add" button.
  13. In the "Certificate Manager snap-in", check the box next to the option "my account…" and click "Finish".
  14. Exit "Add Snap" by clicking "Close".
  15. Certificates of the current user will appear in the main part of the active window "Add / Remove ..." - click the "OK" button.
  16. A "Console" window called "Certificates" will be displayed - select the objects with "CA SD" in the "Issued by" column located on the right side of the screen and click the "Delete" option.
  17. In the left side menu, go to the "Trusted Root Centers ..." - "Certificates" section and remove the object called "CA SD".
  18. Exit "Snap" without saving.
  19. A new ".cer" format file can now be installed.

Uninstalling the program

Before removing Continent-AP from the computer, it is necessary to create a system restore point, since if the components of the CIPF are not uninstalled correctly, problems may arise when you try to install this software and hardware complex on a PC again. To do this, you must perform the following steps:


Now you can safely remove Continent-AP 3.6 from your PC completely and clean the registry of the residual files of this program.

Standard uninstall

In order to uninstall Continent-AP 3.6 from a PC, it is recommended to follow the instructions:

  1. Exit the program in the tray - right-click on the icon in the form of a shield with the inscription "AP" and select the "Exit" option in the context menu.
  2. Make sure that the software is not listed among the background processes or in startup. Go to "Task Manager". You can do this by pressing the Ctrl + Alt + Delete combination and selecting the “Task Manager” tool, or through the “Run” menu: press Win + R, enter the command “taskmgr” without quotes and press “Enter”.
  3. In the "Processes" tab, terminate the executable of the CIPF being uninstalled - right-click on the object and select the "End task" option.
  4. Go to the "Startup" tab and disable the software being uninstalled by right-clicking and selecting the "Disable" option.
  5. Go to the "System Configuration" window. You can do this through the magnifying glass icon located to the right of the Start menu - enter the "Configuration" command or the "msconfig" key. You can also open the configurator window in an alternative way: press Win + R, type the command "msconfig" without quotes in the "Run" window and press "Enter".
  6. Go to the "Services" tab, click "Do not display Microsoft services", then click "Disable all" (after completing this action the entire list of startup programs will be cleared). You can also disable only the CIPF being uninstalled - to do this, find the specified object in the general list of services and uncheck the box located to the left of its name.
  7. In Windows 7, you will also need to go to the "Startup" tab and disable the executable process using the "Disable" option.
  8. Close the "msconfig" window after pressing the "Apply" button.
  9. Reboot the computer.
  10. In OS 10, go to the Start menu and click on the gear icon. In the "Windows Settings" window, select the "Applications" subsection.
  11. In "Applications and Features", find the "Control Program" to be uninstalled using the built-in search string - right-click the search result and start the removal.
  12. Follow the prompts of the "Installation Wizard" - click "Finish" at the end of the uninstallation process.
  13. Restart the PC.
  14. After turning on the device, go to the "Registry Editor" tool - press Win + R, enter the "regedit" command and click "OK".
  15. In the "Registry Editor" window, select the leftmost item of the "File" menu - the "Export" section. Specify "All registry" as the export range, then enter any file name and click "Save" in the desired directory. Subsequently, it will be possible to restore data from the specified source using the "Import" option.
  16. Press the Ctrl + F combination and search for the residual components of the uninstalled application - click "Find Next".
  17. The monitor will display a list of entries in the registry: clean the individual entries located in "HKEY_CURRENT_USER" and "HKEY_LOCAL_MACHINE".

Note! It is better for inexperienced users to skip the manual registry cleaning step, as there is a high probability that their actions may lead to OS failure. You can use a special registry cleaning tool called Reg Organizer. There is a full version of this software solution and a portable exe that does not require installation.

In order to remove from the registry "junk" keys and files left after the removal of Continent-AP versions 3.5, 3.6 and 3.7 using RegOrganizer, you will need:


Alternative way to uninstall the program

If the user has little time and needs to urgently remove the Continent-AP program from his computer, then one of the specially developed uninstaller utilities will come in handy. Best Solutions:

  • CCleaner;
  • Revo Uninstaller;
  • Advanced SystemCare (iObit);
  • UninstallTool.

All of these applications operate on approximately the same principle: they perform a standard uninstall of the application and then clean the file system and registry of residual software components. For example, in order to completely remove Continent-AP 3.7 using the free CCleaner software, you will need to follow the instructions:


Error messages arising when establishing a connection with the Continent-AP subscriber station.

The subscriber station allows you to establish remote secure connections using the Continent 3 PPP Adapter modem emulator. When connecting the Continent-AP subscriber station, the error messages listed below may appear; each is given with its solution.

Error 721: The remote computer does not answer.

1) You may not be connected to the Internet.

2) Some program is blocking the ports. Disable the antivirus and firewall.

3) Remove, if installed, the firewall that comes with the Continent-AP program.

4) If you are using wired Internet, the provider may have blocked the ports necessary for the operation of the Continent-AP program. To check, establish an Internet connection via a USB modem.

Error 628 The connection was closed.

See Error 721

Error 629 The connection was closed by the remote computer.

See Error 721

This error occurs when the user manually enters an IP address in the properties of the TCP / IP protocol although the server should issue it automatically. To fix this error, go to the connection settings of Continent-AP.

In the "Network" tab, select the line "Internet Protocol TCP / IP" and click the "Properties" button.

In the window that opens, set the following switches:

  • "Obtain an IP address automatically";
  • "Obtain DNS server address automatically."

Error 703: The connection requires some input from the user, but the application does not allow user interaction.

Go to the settings of the Continent-AP: on the "Security" tab, click the "Parameters" button, then the "Properties" button, then "Reset the stored certificate".

Error 734 The PPP Link Control Protocol was terminated.

1. Focus on the error that appears before this one.

2. Check the system date.

Error. The server denied access to the user. Reason for failure: Multiple user login is not allowed.

Wait a few minutes and re-establish the connection.

The server denied access to the user. Reason for rejection: Client-Cert not found.

Key signing error 0x8009001D (Vendor library not initialized correctly).

The CryptoPro license has expired.

Key signing error 0x80090019 (Key set not defined).

  1. Delete saved passwords (CryptoPro => Tools => Delete saved passwords).
  2. The certificate may have expired. Check the expiration date by opening the user.cer file.

Key signing error 0x8009001F (Incorrect key set parameter).

Key signing error 0x00000002 (The specified file cannot be found).

Remove this version of the Continent-AP program and install Continent version 3.5.68.

The server denied access to the user. Reason for refusal: user login blocked.

You have been blocked on the UFC server. Call and find out the reason for the blocking.

The integrity of the files has been violated. Contact your system administrator.

It is necessary to “fix” the Continent-AP program through "Add or Remove Programs".

Error 850: The EAP protocol type required for dial-up connection authentication is not installed on the computer.

It is necessary to “fix” the Continent-AP program through "Add or Remove Programs".

Insert key media. Keyset does not exist.

  1. Make sure the flash drive with the Continent key is inserted.
  2. When establishing a connection, at the certificate selection step, make sure that the correct certificate is selected.
  3. Make sure CryptoPro sees this key.

Insert the key media (The "device" field is empty).

  1. Make sure the flash drive with the Continent key is inserted.
  2. Open CryptoPro and, on the "Equipment" tab, select "Configure Readers...".
  3. In the field "The following readers are installed:", remove all readers by selecting them one by one and pressing the "Delete" button.
  4. Click "Add".
  5. The reader installation wizard window will appear. Click "Next".
  6. At the next step of the reader installation wizard, select "All Manufacturers" in the "Manufacturers" field and "All removable drives" in the "Available Readers" list. Click the "Next" button.
  7. In the next window, click the "Next" button.
  8. In the window that appears, click "Finish".
  9. Try to re-establish the connection.

The icon located in the tray disappeared.

  1. Go to "Start" => "All Programs" => "Security Code" => "Continent Subscriber Station" and select "Control Program".
  2. If the icon does not appear, right-click on the Windows taskbar (or press alt+ctrl+delete) and select Task Manager.

Go to the "Processes" tab and select "AP_Mgr.exe" from the list and click the "End Process" button.

Then repeat step 1.

15. "Error" Insert key media. Keyset does not exist.

15.1 Make sure that the media with the Continent key is inserted.

15.2 When establishing a connection, at the stage of selecting a certificate, make sure that the correct certificate is selected.

15.3 Make sure that CryptoPro sees this key.

16. "Error" Insert the key carrier (The "device" field is empty).

    Make sure the media with the Continent key is inserted;

    Open CryptoPro and, on the "Hardware" tab, select "Configure readers";

    In the "The following readers are installed" field, remove all readers by selecting them one by one and clicking the "Delete" button;

    Click "Add";

    The reader installation wizard window will appear. Click "Next";

    On the next step of the Reader Installation Wizard, in the Manufacturers field, select All Manufacturers. And in the "Available readers" list, select "All removable drives". Press "Next";

    In the window that appears, click "Finish";

    Try to re-establish the connection.

17. "Error" The icon located in the tray disappeared.

17.1 Go to "Start" => "All Programs" => "Security Code" => "Continent Subscriber Station" and select "Control Program".

17.2 If the icon does not appear, right-click on the Windows taskbar (or press ctrl + alt + delete) and select "Task Manager".

Go to the "Processes" tab and select "AP_Mgr.exe" from the list and click the "End Process" button.

Then repeat point 17.1.

18. The server denied access to the user "Invalid key usage type".

18.1 Reinstall the certificate, having previously cleared the "remembered passwords" in CryptoPro. Check work.

18.2 It is necessary to “fix” the Continent-AP program through the Control Panel => Add or Remove Programs, or install a new version of Continent-AP.

18.3 Reinstall Continent-AP (reboot the computer). Reinstall the certificate.

18.4 Reinstall CryptoPro first (preferably through cspclean.exe), then Continent-AP (restart the computer). Reinstall certificates.

19. The server denied access to the user. "Client-Cert not found" (see Figure 5).

Solution: Check the validity period of the license for CIPF "CryptoPro" version 3.6. To do this, open the Start menu => Programs => Crypto-Pro => Manage CryptoPro PKI licenses (see Fig. 6).

Select the menu item "CryptoPro CSP". In the right part of the "CryptoPro PKI license management" window, the license validity period is indicated (see Fig. 7).

If the license has expired, right-click on the menu bar "CryptoPro CSP" and select the menu item "All Tasks => Enter serial number" (see Fig. 8). Enter the license serial number obtained from the FC authority.

If the license validity period is unlimited, close the "CryptoPro PKI license management" window and try to establish a Continent-AP connection. If the problem persists, then follow these steps.

It is required to remove the Continent-AP certificate from the computer settings and reinstall this certificate. To do this, call the Continent-AP menu by right-clicking on the icon in the lower right corner of the screen.

In the "Setting Authentication" menu, select the "Continent-AP" command (see Fig. 9).

The Continent-AP window will appear on the screen. Click the "Reset stored certificate" button, then press the "OK" button (see Fig. 10).

Run the program certmgr.msc from the "Utilities" folder, which is part of the distribution kit "Continent-AP 3.6 with support for Windows7 Distribution kit and user manual". The "Certificates" window will appear on the screen. Open the "Certificates - current user" list, then the "Personal" list, then the "Certificates" list (see Figure 11).


Fig. 11

Delete all certificates that have "UFK Access Server" or "OFK Access Server" in the "Issued By" column (see Figure 12). Close the Certificates window.

Call the Continent-AP menu by right-clicking on the icon in the lower right corner of the screen.

In the "Certificates" menu, select the "Install User Certificate" command (see Fig. 13).

The "Open" window will appear on the screen. Select the file user.cer and press the "Open" button (see Fig. 14). The file user.cer may be on a floppy disk or flash drive.

The “Continent-AP” window will appear on the screen with the suggestion “Select a user certificate key container”. Select the desired key container and click the "OK" button (see Fig. 15). Usually, the initial characters of the key container name match the organization's TIN.

If a message appears on the screen, as in Figure 16, press the "Yes, automatically" button (see Fig. 16). This message will not appear when you reinstall the certificate.

If a message appears on the screen, as in Figure 17, press the "Yes" button (see Fig. 17). This message will not appear when you reinstall the certificate.

Click the "OK" button (see Fig. 18).

Try to establish a Continent-AP connection. If the problem persists, reinstall Continent-AP. To do this, open the menu "Start => Settings => Control Panel" (see Fig. 19).


Open the Add/Remove Programs shortcut (see Figure 20).

Find the line "Continent-AP" in the list of installed programs and click the "Change" button (see Fig. 21).

The Continent-AP window will appear on the screen. Click the "Next" button (see Figure 22).

Check the "Fix" box. Click the "Next" button (see Figure 23).

Click the "Install" button (see Figure 24). Wait for the Continent-AP installation to finish. This may take several minutes.


Fig. 24

Press the "Finish" button (see Fig. 25).

Click the "YES" button to restart your computer (see Fig. 26).

After restarting your computer, try establishing a Continent-AP connection.

20. "Error" When trying to establish a connection, the message "The integrity of the Subscriber Station files has been violated. Contact your system administrator" appears (see Fig. 27).

Run the start.bat file from the setup folder, which is located in the archive with the Continent-AP distribution kit. Try to establish a connection. If it does not connect, remove Continent-AP and install Continent-AP version 3.6 in accordance with the document "User's guide for installing and configuring CIPF Continent-AP 3.6.doc".

Some of the information is taken from the source tut- admin. en/2014/06/11/common-errors-continent-up/
