Plugin not installed error. What to do if there are problems with CryptoPro EDS Browser plug-in (Windows OS) - Powered by Kayako Help Desk Software. Why use the CryptoPro extension in Yandex browser
To verify CAdES-X Long Type 1 signature https://www.cryptopro.ru/sites/default/files/products/cades/demopage/cades_xlong_sample.html
Agree with all pop-ups, if any.
You should see a page that looks like this:
If you see such a window, then go to step 2, if not, then read on.
If you see such a window, it means that CryptoPro CSP is not installed or available, see How to check the installation or install CryptoPro CSP.
If you see such a window, then CAdESBrowserPlug-in is not installed or not available, see How to check if the plugin is installed, How to make sure that the browser is configured correctly.
Step 2
In the Certificate field, select the desired certificate and click Sign.
Note: The Certificate field displays all the certificates installed in the current user's Personal store and the certificates stored in key containers. If there are no certificates in the list or the required one is missing, then you need to insert a key carrier with a private key and .
If after clicking the Sign button you see such a result, it means that you have successfully completed the signature and the CryptoPro EDS Browser plug-in is working normally.
If you get an error, see the Error Information section.
How to check if CryptoPro is installedCSP
You can check if CryptoPro CSP is installed by going to the Control Panel Programs and Features (Add or Remove Programs). You can also see the version of the installed product there:
If CryptoPro CSP has not been installed, then a trial version (for 3 months) can be downloaded from our website (to download the file, you need a valid account on our portal): https://www.cryptopro.ru/sites/default/files/ private/csp/40/9944/CSPSetup.exe
After downloading the .exe file, run it and select "Install (recommended)". The installation will take place automatically.
How to check if CryptoPro EDS Browser plug-in is installed
You can check if the CryptoPro EDS Browser plug-in is installed by going to the Programs and Features control panel (Add or Remove Programs). You can also see the version of the installed product there.
If the CryptoPro EDS Browser plug-in is not installed, then the distribution kit can be downloaded from our website: https://www.cryptopro.ru/products/cades/plugin/get_2_0
Plugin installation instructions: https://cpdn.cryptopro.ru/content/cades/plugin-installation-windows.html
How to make sure browser extension is enabled
If you are usingGoogleChrome, then you must enable the extension. To do this, in the upper right corner of the browser, click on the icon Customize and manage Google Chrome (three dots) - More tools - Extensions.
Make sure the CryptoPro Extension for CAdES Browser Plug-in is present and enabled. If the extension is missing, reinstall the CryptoPro EDS Browser plug-in or download the extension from the Chrome Web Store: https://chrome.google.com/webstore/detail/cryptopro-extension-for-c/iifchhfnnmpdbibifmljnfjhpiffofog?hl=ru
If you are usingMozillaFirefox version 52 and above, then you need to additionally install a browser extension.
Allow it to install:
Click Add:
Go to Tools-Add-ons-Extensions and make sure the extension is enabled:
If you are usingInternet Explorer, then when you go to a page in which CAdESBrowserPlug-in is embedded, you will see the following message at the bottom of the page:
Click Allow.
In the Access Confirmation window, click Yes:
If you are usingopera, then you need to install the extension from the Opera add-ons directory:
And in the pop-up window, click - Install extension:
In the next window, click - Install:
Or go Menu-Extensions-Extensions:
Click Add extensions and in the search bar type CryptoPro, select our plugin and click Add to Opera. After that, restart your browser.
You can check if the plugin is enabled in Menu-Extensions-Extensions:
If you use Yandex Browser, then you need to go to Options-Settings-Add-ons and make sure that CryptoPro EDS is available and enabled. If the extension is missing, then you can download it from the Directory of extensions for Yandex Browser using the search for the word CryptoPro.
Error Information
1) CryptoPro window appearsCSP Insert Key Media
The appearance of this window means that you have not inserted the media with the private key for the certificate you selected.
You need to insert a key carrier. Make sure the OS "sees" it and try again.
If the previous steps did not help, you need to reinstall the certificate in the current user's Personal store with a binding to the private key. .
2) Failed to generate signature due to error: Unable to build certificate chain for trusted root authority. (0x800B010A)
This error occurs when the status of the certificate cannot be verified (no private key binding, no access to revocation lists or OCSP service), or root certificates are not installed.
Bind the certificate to the private key:
Check if the chain of trust is being built: open the certificate file (you can open it through Start-All Programs-CryptoPro-Certificates-Current User-Personal-Certificates), go to the Certification Path tab. If there are red crosses on this tab, or nothing at all except the current certificate (except if the certificate is self-signed)
Screenshots with examples of certificates that do not have a chain of trust.
To build a chain of trust, you need to download and install root and intermediate certificates. You can download them from the website of the CA that issued the certificate.
If you use a qualified certificate, then try to install these 2 certificates in the trusted root (these are the certificates of the Head CA of the Ministry of Communications and from them, if the Internet is available, a chain of trust should be built for any qualified certificate), if it does not help, then contact the CA that issued you the certificate .
To install the downloaded certificate to Trusted Root Certification Authorities, right-click on it - Select - Install Certificate - Current User - Place all certificates in the following store - Browse - Trusted Root Certification Authorities - Ok - Next - Finish - when the security warning appears about installing the certificate - click Yes-Ok. if you are installing an intermediate CA certificate, then select the repository - intermediate CAs.
Important: If you create CAdES-T or CAdES-XLongType 1, an error may occur if the TSP service operator certificate is not trusted, in which case you must install the root certificate of the CA that issued it in Trusted Root Certification Authorities.
3) If the signature is created but the certificate chain verification error is on, it means that there is no access to the lists of revoked certificates.
Lists of revoked certificates can be downloaded from the website of the CA that issued the certificate, after receiving the list it must be installed, the procedure is identical to the procedure for installing an intermediate CA certificate.
4) Error: 0x8007064A
The reason for the error is that the licenses for CryptoPro CSP and/or CryptoPro TSP Client 2.0 and/or CryptoPro OCSP Client 2.0 have expired.
To create a CAdES-BES signature, there must be a valid license for CryptoPro CSP
To create an XLT1, there must be valid licenses for the following software products: CryptoPro CSP, CryptoPro TSP Client 2.0, CryptoPro OCSP Client 2.0
You can view the status of licenses through: Start - All Programs - CRYPTO-PRO - Manage CryptoPro PKI licenses.
Solution: Purchase a license for the desired software product and activate it:
Start - All Programs - CRYPTO-PRO - CryptoPro PKI license management - select the desired software product - open the context menu (right-click) - select the All tasks item select the Enter serial number... - enter the license serial number - press the OK button
5) Keyset does not exist (0x80090016)
Error reason: The browser does not have enough rights to perform the operation - add our site to trusted
6) Access denied (0x80090010)
Error Cause: The private key has expired. Check the validity period Go to Start->All Programs(all applications)->CryptoPro->CryptoPro CSP. Go to the Service tab. Select the Test item, select a container with a private key, and in the test results you will be able to see its validity period. It is recommended to get a new key.
7) Error: Invalid algorithm specified. (0x80090008)
This error occurs if you are using a certificate whose algorithm is not supported by your crypto provider.
Example: You have CryptoPro CSP 3.9 installed and the certificate issued according to GOST 2012.
Or if a hash algorithm is used that does not match the certificate.
Also check the relevance of the CryptoPro CSP version.
In recent years, most of the workflow has moved to the field of remote service via the Internet, while paper media are gradually being replaced by electronic virtual counterparts. The most popular software product "Crypto Pro", with the help of which the confirmation of an electronic digital signature is carried out. But for reliability and reliability, it is necessary to check the “CryptoPro EDS Browser plug-in” plugin and make sure that it is installed correctly on a computer or other electronic device.
The nuances of the plugin and system requirements
For the normal functioning of all departments, the question arises of ensuring the necessary level of data protection when signing documents, maintaining secrecy and trade secrets. The solution of problems is achieved by the development of special software products and algorithms that encrypt and decrypt the information included in the document, at the same time confirm its authenticity. These programs are a certified product and cover certain areas of the information field.
The essence of their work is to process documents online using special extensions for all browsers that have JavaScript support. It functions freely on all major operating systems except Android. The plugin allows you to endorse the following types of documents:
- in electronic format;
- files that are downloaded from the user's computer;
- text messages and other types of documentation.
For example, when transferring funds in Internet banking, using the “CryptoPro EDS Browser plug-in” check, you can confirm that the operation comes from the account holder with an active key certificate that is valid at a particular moment. This software checks advanced and conventional electronic CPU. At the same time, there is no need to connect to the Internet when checking, documentation is archived. An electronic signature can be:
- attached, that is, added to the approved documents;
- separated ES, that is, created separately.
The software product "CryptoPro EDS Browser plug-in" is distributed free of charge and can be downloaded from the official website. The plug-in is checked on the user's computer.
Software installation
The installation process is simple. You should go to the official portal cryptopro.ru/products/cades/plugin/get_2_0. Upload specifying where the cadesplugin.exe boot file will be saved. Run the program.
Important! Plugin launch is not available for regular users. You need to have administrator rights.
Upon successful completion, a corresponding notification will be displayed on the monitor screen.
But this message is not a guarantee of correctness in work. It will be necessary to carry out additional configuration and verification of the Browser plug-in EDS, depending on the type of browser used. For correct operation, the installed program must be restarted, in some cases with a complete reboot of the computer.
Advice! In whatever browser the program is used, after installation, you should always restart it.
Features of the installation process
Given that each browser is somewhat different in how it works, the plugin is adapted for each environment.
Attention! If errors are detected before starting work and the program does not create objects, then it is necessary to allow launching independently for specific sites or pages that the user often visits.
In cases where the plug-in is used on specific pages, an appropriate icon is required, which will indicate the possibility of using this extension.
To do this, you need to find the CryptoPro CAdES NPAPI Drowser Plug-in and allow it to be used in automatic mode. This is true for Mozilla Firefox. For Opera and Yandex, the procedure for using the extension is identical.
Find the "Extensions" item in the menu, and load the plugin through it. You can also copy and paste the name of the extension into the appropriate query string. The system will do everything by itself. For the Google Chrome browser, the extension will be found by itself, and the user will have to confirm the installation.
After performing all operations and settings, you must close all windows and tabs, restart the browser again.
What to do if the system "does not detect" the program?
It often happens that when installing the plugin and then trying to work with the EDS, problems appear. A window pops up asking you to install the program. In this case, it is recommended to contact the developers' website in the "Contacts" section to state the essence of the problem and get appropriate recommendations. It is recommended to provide screenshots of all activities. In this case, it will be much easier to identify the problem. If the check was successful, then a corresponding notification appears that the plugin has been loaded.
Software Recommendations
If you have to reinstall an existing plugin, but not working, then you first need to:
- remove it and all unnecessary programs through the "Control Panel";
- clear cache memory;
- re-download the plugin and run it with administrator rights;
- be sure to add all the pages of "Personal Accounts" to trusted nodes.
Before starting work on the public services portal, set up a workplace. The article describes step-by-step instructions for setting up a workplace.
Step 1. Installing CIPF
CIPF (means of cryptographic protection of information) is a program for encrypting information. Without CIPF, the electronic signature will not work.
Download the distribution kit on the CryptoPro website in the "Support" -> "Download Center" section. The section is available after registration. Which distribution to download depends on the version and bitness of the operating system.
CryptoPro is divided by operating system versions (Windows XP, Windows 7, etc.) and their bit depth (x64/x86).
Determine the version of your operating system to download the appropriate version of "CryptoPro CSP".
In the latest versions of CryptoPro, the distribution kit automatically determines the bit depth and installs the necessary packages.
This manual covers the most popular Windows 8 operating system.
How to determine the version and bitness of the OS?
Right-click on the "Computer" icon (on different operating systems - "My Computer" or "This Computer") and select the "Properties" context menu item.
A window with information about the operating system appeared on the screen.
Please note that the operating system installed on the computer is Windows 8 Professional. Suitable distribution kit CryptoPro CSP 3.9.
Accept the license agreement. Download the distribution.
Pay attention to the correspondence between the version of the distribution kit "CryptoPro CSP" and OS Windows.
|
OSWindows |
CryptoProCSP |
|
CryptoPro CSP 3.6 |
|
|
CryptoPro CSP 3.6 |
|
|
CryptoPro CSP 3.6 |
|
|
CryptoPro CSP 3.9 |
|
|
CryptoPro 3.9 (4.0) |
How to install a distribution?
Run the distribution and click "Install".
Install all software as a user with administrator rights.
The necessary packages and modules will be unpacked automatically. After installing the packages and modules, a window about successful installation will appear.
In earlier versions of CryptoPro CSP, installation took place in several successive steps, in which additional settings are selected and a serial number is entered. Now the installation procedure has been simplified to a minimum of actions.
The encryption tool has been installed. Trial mode for 3 months was activated automatically. To extend the term, enter the serial number.
Order a means of cryptographic protection of information
Step 2. Entering the serial number / Activating the license
To enter the serial number, enter the "Control Panel", select the "System and Security" category, and then the "CryptoPro CSP" program.
The CryptoPro CSP workspace will appear on the screen.
Click the "Enter License..." button in the "License" section.
Enter your full name the user who plans to work on the computer, the name of the organization, the serial number. It is indicated on the form of the purchased license.
Finish activating the license, click on the "OK" button.
On the General tab, the license validity period will change to the one specified in the license.
Work with "CryptoPro CSP" is over, next time CIPF will be needed to set up an electronic signature and install root certificates.
Step 3. Installing a personal certificate
Go to the "Service" tab and in the "Certificates in the Private Key Container" section, click the "View Certificates in the Container..." button.
A window with a key container selection will appear on the screen.
Click the "Browse" button to see the electronic signatures that are recorded on a secure medium.
A window will appear with a choice of key container.
If there is only one electronic signature on the carrier, there will be no problems with the choice.
If there are several entries, and you do not know which electronic signature is needed, select the first entry in order and click "OK". Then - the "Next" button.
Information about the selected electronic signature will open.
Have you determined that you need a different signature? Click the back button and choose a different signature.
Continue to open information about signatures until you find the right one.
Did you find the right signature? Click the "Install" button.
After successfully installing the personal certificate, a notification will appear on the screen. Click the OK button. The personal certificate is installed.
Purchase an electronic signature for the portal "Gosuslugi"
Step 4Installing the Root CA Certificate
To install the root certificate of the Certification Authority, click the "Properties" button. An electronic signature certificate will open
"ASP Electronic Services" issues qualified electronic signatures from the certification center "Kaluga Astral"
On the General tab, you will see a message: "This certificate could not be verified by tracing it to a trusted certificate authority." To fix this, go to the "Certification Path" tab.
In the "Certification Path" section, a chain is indicated from the full name. manager to the publisher (certifying authority).
To install the CA root certificate, double-click on it with the left mouse button. An electronic signature certificate window will open.
Click the "Install Certificate" button.
The Certificate Import Wizard will open, click Next.
Place the cursor in the item "Place all certificates in the following store", click the "Browse" button.
A list of repositories for installing certificates will open.
You are now building a chain of trusted certificates, so select the Trusted Root Certification Authorities store with the OK button. Then click Next.
At the final stage, click the "Finish" button.
The installation of the certificate will begin.
The operating system will warn you about the installation of the certificate and ask you to confirm that you are the one installing the certificate.
A security warning will appear on the screen.
The security system cannot check the Certification Center of CJSC Kaluga Astral, because Microsoft (the creators of the Windows OS line) is not aware of CJSC Kaluga Astral. Do not worry and agree with the installation.
After installing the root certificate, a window will appear on the screen with a notification of successful installation. Close it by clicking OK.
Step 5Setting upinternet browser
Most government portals work exclusively in Internet Explorer version 8.0 or higher. This is due to two reasons:
- Internet Explorer is built into every OS of the Windows family.
- Not all Internet browsers support the ActiveX controls required to perform cryptographic tasks on the Internet.
Internet Explorer Icon
Step 6: Set up trusted hosts
Add the addresses of electronic sites to trusted ones so that the Internet browser can run all the necessary "scripts" and modules for working with cryptography.
Launch the Internet Explorer browser and press the "Alt" button on your keyboard.
An action bar will appear at the top of the browser. Click the "Tools" -> "Internet Options" button on the panel.
The Internet Options window will open. Go to the "Security" tab.
Select the Trusted Sites zone and click the Sites button.
In the "Trusted Sites" window (at the bottom), uncheck the box "Require server verification (https:) for all sites in the zone".
In the line "Add the following host to the zone:" enter the address of the portal https://*.gosuslugi.ru . Click Add.
Step 6Configuring ActiveX Components
After adding the nodes, enable the ActiveX components.
In Internet Options, on the "Security" tab, select the "Trusted Sites" zone.
At the bottom of the window, in the "Security level for this zone" section, click the "Custom" button. A window will open with security settings for trusted sites.
In the "Access to data sources outside the domain" option in the "Miscellaneous" section, set the cursor to "Enable".
In the "Block pop-ups" option in the "Miscellaneous" section, set the cursor to "Enable".
At the bottom of the parameter table there is a section "ActiveX controls and plug-ins". Place the cursors in the "Enable" items for all parameters of this section. Click OK and close all open windows. Browser setup completed.
Try to enter the public services portal. You will receive an error notification.
How to install the plugin?
To download the plugin distribution kit, follow the link: https://ds-plugin.gosuslugi.ru/plugin/upload/Index.spr plugin.
Download and install the plugin following the installation wizard.
Restart your internet browser. Your workplace is set up, proceed to registration and / or work on the State Services portal.
In our time, the workflow is increasingly moving to the screens of monitors. Instead of standard paper media, virtual documents come that do not need to be collected, certified, duplicated and stored in an archive. But the use of electronic document management carries one inevitable difficulty: the problem of data protection, certification of documents and maintaining privacy. It is here that the question arises about the use of special algorithms that perform two functions:
- protect the data contained in the file;
- certify the electronic document.
Such algorithms execute special programs that have passed the appropriate certification and are designed to encrypt and decrypt certain information. One of these programs is called Crypto Pro.
What is the purpose of the crypto pro program
Crypto Pro was founded in 2000 and since then has been one of the leaders in the market of crypto programs and electronic digital signatures. Developers not only implement individual software products, but also offer ready-made utilities that process documents online through special browser extensions. Crypto-Pro EDS Browser plugin can be purchased on the company's website, and its installation is possible on all types of popular browsers.
How to install Crypto-Pro EDS
This plugin can be found on the company's website or at the link: https://www.cryptopro.ru/products/cades/plugin/get_2_0
After the transition, you can see a window where you will be prompted to download and select the location to save the installation file cadesplugin.exe
After downloading to the selected disk, the installed file should be run:
Please note that for ordinary users, launching the installation of the browser plugin Crypto Pro is not possible. The process can be activated only with administrator rights. If the user has them, then you can see the following notification on the screen:
The following window will indicate the successful installation of the plugin:
Correct installation does not guarantee the correct operation of the plugin. The browser must be restarted, and in the case of Chrome, a complete restart of the computer may be required.
Features of installing browser plugin Crypto Pro
For various browsers, developers have come up with special add-ons that facilitate the work of the plugin. For example, for later versions of FireFox, there is an add-on that is proposed to be installed immediately after the main part of the process.
Sometimes an error occurs before work, and the plugin is not able to create objects.
This problem is solved quite simply: you should allow add-ons to run separately for certain sites or for all pages visited by the user.
If the plugin is allowed to be used on individual sites, you should go to the desired page and find a separate icon in the search bar indicating the possibility of using the extension:
If the plugin will work with all sites, it should be launched from the "Add-ons" option:
In the list of all possible add-ons, look for CryptoPro CAdES NPAPI Browser Plug-in and allow its use in automatic mode:
For Opera and Yandex browsers, the process of applying the extension will be identical. In the menu we find the option "Extensions", through we do not load the necessary plugin.
Three necessary steps for working with EDS in the UEC on the website of public services (gosuslugi.ru)
3. Working with the public services website - “Installing the plug-in for working with the public services portal" (The Rostelecom plug-in should be installed without running browsers). According to the instructions, we also add the address https://esia.gosuslugi.ru to the "list of trusted sites for Internet Explorer" (how?).
When registering on the public services portal using an EDS, select the item “Verify identity using an electronic signature”, then “Electronic signature tool with a software crypto provider”, click “Next”, select a certificate for registration by EDS, after clicking on “OK” and a long wait in the "Password" field, enter the 6-digit "ID.PIN2" from UEC.
When entering the public services portal using an EDS (may be needed if you forgot your password), select authorization "Via a crypto provider", click "Login", select a certificate for authorization by EDS, after clicking "OK" and a long wait in the "Password" field, enter 6 -digit "ID.PIN2" from UEC.
If you make a mistake three times with entering the password ... you will have to go with your legs to unlock the EDS where you received it, you will need an 8-digit "ID.KRP" from UEC to unlock.
For completeness, I’ll add that “ID.PIN1” from UEC serves to identify the owner (it can be requested, for example, at the hospital registry), and “BankPIN” is the password for the banking application of the card (requested at terminals, at checkouts).
And finally - FAQ (Frequent Questions) from the developers.
