Electronic budget not found list of revoked certificates. Installation of root certificates and the certificate revocation list of the certification authority. Error “403 Access denied “Root certificate not found”
To install these certificates, you need to go to “Internet Options” in Internet Explorer. This item is located in the “Service” tab (or the image of a gear in new versions of the browser –) (Fig. 1).
You can also open “Internet Options” (“Internet Options”) through the “Control Panel” (showing small icons) of your operating system.
Rice. 1 Location of the “Tools” section - “Browser Options” in Internet Explorer.
1) In the window that opens, select the certificate you are using and double-click on it (Fig. 3).
Rice. 3 List of certificates installed on the computer
In the information window located below, in the “Full name” column, use the keyboard (hot keys Ctrl+C) to copy the link (starting with the letters “http” to the end of the line) (Fig. 4, No. 3).
Rice. 4 Contents of the certificate
3) In the Internet Explorer window, the previously copied link is pasted into the address bar (Fig. 5).
Rice. 5 Internet browser address bar
Rice. 6 Load window
5) After downloading, click on “Open folder”. A Windows window will open, where the downloaded file will be highlighted in blue.
6) To install a certificate revocation list on a previously downloaded file, you need to right-click and select the line “Install revocation list (CRL)” (Fig. 7, No. 2).
When installing the root certificate, select the “Install certificate” line.
Rice. 7 Setting up a revocation list
8) From the options provided, select “Place all certificates in the following store” and click “Browse” (Fig. 8).
Rice. 8 Selecting the certificate installation location
9) In the new window that appears, check the box next to “Show physical storage” (Fig. 9, No. 1). Open the “Trusted Root Certification Authorities” section (Fig. 9, No. 2).
Rice. 9 Selecting a certificate store
11) Wait for the information message “Import completed successfully.”
Repeat the same procedure from point 2.4 to install the Root Certificate of the Certification Authority. At this stage, instead of “Distribution points..”, select “Access to information about centers...”.
12) Restart your browser.
Common mistakes when connecting to GIIS
« Electronic budget»
If you encounter problems connecting to the GIIS “Electronic Budget”, you need to check the settings:
1. Login to your personal account using the link http://lk. budget. gov. ru/ udu- webcenter;
2. check the “Continent TLSVPNClient” settings.
Open the Settings Configurator (Start > All Programs > Security Code > Client > Settings Continent TLS Client), “Port” value must be specified 8080 , "Address" -lk. The “Use external proxy server” checkbox should not be there, if the organization does not use an external proxy, “Require RFC 5746 support” can be removed.
After adding the TLS Continent certificate, the "Certificate" field should indicate "<»;
Figure 1. Service setup
3. check your browser settings.
Using the MozillaFireFox browser as an example, launch the browser, open the connection parameters (Main menu of the browser “Tools”> “Settings”> “Advanced” tab> “Network” tab> “Configure” button). Select “Manual configuration of proxy service” in the “HTTP” field proxy" specify the value 127.0.0.1, "Port" - 8080. Check the box "Use this proxy server for all protocols."
The "Do not use proxy for" field should not be set to 127.0.0.1.
Figure 2. Connection parameters
Typical errors when connecting to GIIS
« Electronic budget»
Solution options: 1) Disable the antivirus. If the problem is solved, change the antivirus settings 2) Check the TLS and browser settings.
2. 403 Access denied. The server certificate differs from the one specified in the settings. The length of the certificates varies.
Solution: Check the certificate specified in the TLS settings by the name in the line. Should be "<».
3. The certificate selection window does not appear.
Solution: Uncheck “Require RFC 5746 support” if checked. Otherwise, check the other settings.
4. 403 Access denied. The root certificate was not found.
Solution: Reinstall the Federal Treasury CA certificate (if it has already been installed).
For WindowsXP:
Start>Run>mmc>console>add or remove snap-in>add “certificates” (Fig. 3)>my account>Done>OK>expand the list>open the line “trusted root authorities” - “certificates”>in an empty area of the window with certificates, right-click and select (Fig. 4)>all tasks>import>
Figure 3
Figure 4
For Windows 7:
Start>Run>mmc>file>add or remove snap-in>add snap-in “certificates” (Fig. 5)>add>my account>Finish>OK>expand the contents and go to the line “trusted root authorities” - “certificates” ( Fig. 6)>in an empty area of the window with certificates, right-click and select>all tasks>import>select the desired certificate and install.
Figure 5
“Electronic budget” you need to check the settings:
Login to your personal account using the link http://lk. budget. gov. ru/ udu- webcenter;
check the “Continent TLS VPN Client” settings.
After adding the TLS Continent certificate, the Certificate field must indicate "<.budget.gov.ru>
check your browser settings.
The "Do not use proxy for" field should not contain the value 127.0.0.1.
Typical errors when connecting to GIIS
« Electronic budget»
401 Authorization error. Error establishing a secure channel using the TLS protocol.
403 Access denied. The server certificate differs from the one specified in the settings. The length of the certificates varies.
The certificate selection window does not appear.
403 Access denied. The root certificate was not found.
For Windows XP:
Start > Run > mmc > console > add or remove a snap-in > add “certificates” (Fig. 3) > my account > Finish > OK > expand the list > open the line “trusted root authorities” - “certificates” > in an empty area of the window with certificates, right-click and select (Fig. 4)> all tasks> import> select the desired certificate and install.
Figure 3
Figure 4
For Windows 7:
Start > Run > mmc > file > add or remove a snap-in > add the “certificates” snap-in (Fig. 5) > add > my account > Finish > OK > expand the contents and go to the line “trusted root authorities” - “certificates” ( Fig. 6) > in an empty area of the window with certificates, right-click and select > all tasks > import > select the desired certificate and install.
Figure 5
Not long ago, budgetary organizations, namely the administrations of village councils, began to contact me with a request to help them set up the Electronic Budget system. This is another project of our government, give_them_health, as part of the services of the Electronic Government of the Russian Federation project. Grandmothers and aunties in villages and village councils have old computers and very slow Internet. Join our group on VK! Under repair! Smart workshop!
They are obliged, just like everyone else, to be able to install this according to the instructions and use it. Otherwise, the deadlines. Someone is waiting for fulfillment, so workers of rural administrations are reaching out to those who can help them with this. Naturally, they don’t have a full-time programmer. Well, okay, these are all lyrics. Let's get down to business. People have a disk in their hands, apparently with distribution kits, and a desire for this kind of Electronic Budget to work for them.
On the disk, in principle, everything is neatly laid out and it was not a problem to install the whole thing according to the instructions. By the way, the instructions are also on the Roskazna website itself. There were no special problems following the instructions to install a set of programs, certificates, etc. As a result, after the last reboot and setting up a proxy in the browser (Mozilla was selected). Trying to access the site http://lk.budget.gov.ru/ was not successful. After selecting a user certificate, the site began to complain: The root certificate was not found. Although I personally installed it, adding it to the trusted root certificates according to the instructions. After sitting for a while and looking through the instructions again, I discovered this interesting point, which I think other people may encounter.
But for me it stubbornly displays as:
As we can see, there is no Local Computer storage here. This is where the dog rummaged. Well, okay, apparently they know better there, and we’ll go around, adding where necessary. To do this, click Start and in the line Find programs and services dial: certmgr.msc.
The System Certificates management console opens. Let's go to Trusted Root Certification Authorities -> Local computer-> Right click on Certificates -> All tasks -> Import.
The Certificate Import Wizard will open. Click Next -> Browse -> and specify the path to the root certificate file. By the way, if you haven’t downloaded it according to the instructions, you can download it from the Roskazna website by choosing a qualified one.
If you opened certmgr.mscand you don’t even have branches there Local computer. Don’t get upset, there is still a way, click Start and in the line Find programs and services dial: mmc. If you are a Win 7 or higher user, I advise you to run mmc as an administrator. I wrote how to do this. In the console that opens, go to the menu File -> Add remove snap-in. We look for available equipment in the list Certificates. We sequentially add the equipment for the current user and the local computer.
And voila, going to http://lk.budget.gov.ru/ making sure everything works. The root certificate error should at least go away. But I can’t promise that everything will work. In general, I advise you to log in every time through http://budget.gov.ru/ After Entrance in the upper right corner, and on the large button Login to your personal account of the “Electronic Budget” system. Well, don’t be afraid of mistakes, etc. The system is currently running in test mode, and it is not the first time that it is logged in. We poke and we suffer :)
Join our group on VK!
public finance management "Electronic budget"
Knowledge base
for installing and configuring software for an automated user workstation of the Electronic Budget system
abstract.. 3
1.... List of terms and abbreviations.. 4
2.... List of possible connection problems... 5
3.... Solution options.. 6
3.1. Error “403 Access denied “The current certificate revocation list was not found.” 6
3.2. Error: 403 Access denied: Root certificate not found. 7
3.3. “Authentication error: User account not found in the system. Contact the Registrar of the Federal Treasury." 8
3.4. Error “403 Access denied” “The correct client certificate was not selected. The selected key container format is not supported." 8
3.5. Error "503 Destination server is unavailable." 8
Change registration sheet.. 10
annotation
This document contains a list of possible problems and ways to eliminate them when installing and configuring the software of an automated workstation for a user of the Electronic Budget system.
2. List of terms and abbreviations
The following terms and abbreviations are used in this document:
AWP is an automated workstation for the user of the Electronic Budget system;
Software – software;
The “Electronic Budget” system is a state integrated information system for managing public finances “Electronic Budget”.
3. List of possible connection problems
The list of possible problems when installing and configuring the software is given in the table (Table 1).
Table 1. List of possible problems when installing and configuring the software.
No. p/P | Description of the error | Chapter |
Error “403 Access denied “The current certificate revocation list was not found” | ||
Error “403 Access denied “Root certificate not found” | ||
“Authentication error: User account not found in the system. Contact the Registrar of the Federal Treasury" | ||
Error “403 Access denied” “The correct client certificate was not selected. The format of the selected key container is not supported" | ||
Error "503 Destination server unreachable" | ||
The required certificate is missing from the user certificate selection window |
4. Solution options
4.1. Error “403 Access denied “The current certificate revocation list was not found”
4.2. Error “403 Access denied “Root certificate not found”
4.3. “Authentication error: User account not found in the system. Contact the Registrar of the Federal Treasury"
4.4. Error “403 Access denied” “The correct client certificate was not selected. The format of the selected key container is not supported"
4.5. Error "503 Destination server unreachable"
4.6. The required certificate is missing from the user certificate selection window
Change registration sheet
Document version number | Change date (dd. mm. yyyy) |