Login failed. Budget planning - electronic budget (login with certificate). This page cannot be displayed. Enable TLS protocols. Electronic budget. Root certificate not found Installing the cryptoprovider "CryptoPro CSP"

Users are connected to the budget planning subsystem of the state integrated information system for public finance management “Electronic Budget” using a qualified electronic signature verification key certificate.

Technical requirements

equipment requirements

The following minimum technical requirements are established for automated workstations of System users:

1. Processor with a clock frequency of at least 600 MHz;
2. The amount of RAM is at least 128 MB;
3. Hard disk capacity of at least 10 GB;
4. Keyboard;
5. SVGA monitor (graphics mode must have a resolution of at least 1024x768);
6. USB port;
7. Qualified electronic signature verification key certificate;
8. Mouse type manipulator.
9. The workplace must have access to the Internet with a speed of at least 256 Kbps.

Requirements for the software of the “Electronic Budget” system

Software required to provide the ability to sign documents with an electronic signature:

1. Internet browser “Internet Explorer” version 10.0 and higher;
2. Operating system Windows Vista/7/8/8.1;
3. Certified version of "CryptoPro CSP"

Certificate requirements

For approval (signing) of documents, any certificate of a legal entity issued by an accredited CA indicating the individual (certificate owner) acting on behalf of the legal entity on the basis of constituent documents or a power of attorney is suitable.
In accordance with Order of the FSB of the Russian Federation dated December 27, 2011 No. 795 “On approval of the Requirements for the form of a qualified electronic signature verification key certificate,” a legal entity certificate must contain:

• unique number of the qualified certificate;
• start and end dates of the qualified certificate;
• name and place of the legal entity, as well as in cases provided for by Federal Law, last name, first name and patronymic (if any) of an individual acting on behalf of the owner of a qualified certificate - a legal entity on the basis of the constituent documents of the legal entity or a power of attorney;
• the main state registration number (hereinafter referred to as OGRN) of the legal entity - the owner of the qualified certificate;
• taxpayer identification number (hereinafter - TIN) of the legal entity - the owner of the qualified certificate;
• ES verification key;
• name of the ES tool used and (or) standards, the requirements of which the ES key and the ES verification key meet;
• names of digital signature tools and funds of an accredited CA that were used to create a digital signature key, digital signature verification key, qualified certificate, as well as details of a document confirming the compliance of these funds with the requirements established in accordance with the Federal Law;
• name and location of the accredited CA that issued the qualified certificate;
• number of the qualified certificate of the accredited CA;
• restrictions on the use of a qualified certificate (if such restrictions are established).

In addition, for working in the budget planning subsystem, a certificate
must have an additional SNILS field (snils), indicating the SNILS number
authorized person - certificate holder.

Setting up the software for the Electronic Budget system

Installation of the cryptoprovider "CryptoPro CSP"

1. Download and run the certified version installation file
"CryptoPro CSP", available for download at https://www.cryptopro.ru/products/csp/downloads. Installer Welcome Window
“CryptoPro CSP” is presented in the figure (Figure 1).

Picture 1.

2. Click the "Install" button. After completing the installation and configuration process of CryptoPRO CSP, a message indicating successful installation will appear (Figure 2).

Figure 2.

When installing the CryptoPro CSP program, you may be asked for a license key that comes with the CryptoPro CSP installation package.

3. Launch “CryptoPro CSP” (Start/All Programs/CryptoPro/CryptoPro CSP). Open the “TLS Settings” tab and adjust the program settings in accordance with Figure 3 (reconfiguration may require administrator rights on the local computer and a computer restart).

Figure 3.

4. If a flash drive or floppy disk is used as a carrier of key information for the user certificate, run “CryptoPro CSP” (Start/All Programs/CryptoPro/CryptoPro CSP). Open the “Equipment” tab, click the “Configure readers” button. In the window that appears, select “All removable drives” (Figure 4).

Figure 4.

5. Click the "Add" button. If the add button is inactive, go to the “General” tab and click the “Run with administrator rights” button.
6. In the “Reader Installation Wizard” window, click the “Next” button.
7. In the window that appears, select the reader corresponding to the USB port, key media on a flash drive or floppy disk drive.
8. In the “Reader Installation Wizard” window, click “Next” and
"Ready".

Installing the driver for the user certificate key information carrier used
If eToken or Rutoken type media is used as a carrier of key information for a user certificate, you must install the driver for the corresponding drive in the OS (if it has not been installed previously). If the required driver is not installed, you must:
a) Media driver type Rutoken
1. Download and run the installation file, available on the page http://www.rutoken.ru/support/download/drivers-for-windows/. The welcome window for the Rutoken driver installer is shown in the figure (Figure 5)

Figure 5.

Figure 6.

3. Click the "Install" button. The installation of Rutoken drivers on the user's workstation will begin. The installation may take several minutes; information about the installation progress is displayed in the window shown in the figure (Figure 7).

Figure 7

After the installation is complete, the user will receive a message indicating the successful installation of drivers, shown in the figure (Figure 8)

Figure 8

4. Click the "Done" button. The Rutoken driver installer window will be closed.
5. If a dialogue appears about the need to reboot the User’s automated workstation, answer in the negative.

b) eToken media driver
1. Download and run the installation file, available on the page http://www.aladdin-rd.ru/support/downloads/etoken/. The eToken driver installer welcome window is shown in the figure (Figure 9).

Figure 9.

2. Click the “Next” button. A dialog for selecting the language that will be used in the installed software will appear on the screen (Figure 10).

Figure 10.

3. In the field, select the language “Russian” and click “Next”. The license agreement dialog will appear on the screen (Figure 11).

Figure 11.

4. Select the “I accept the license agreement” item and click the “Next” button. A dialog for selecting the installation path for the components of the installed software will appear on the screen (Figure 12).

Figure 12.

5. Leave the default installation path or change it to the required one. Click the "Next" button. The installation of the program and drivers will begin. The installation process dialog is shown in the figure (Figure 13).

Figure 13.

After the installation is complete, the user will be shown a message about the successful installation of drivers, shown in the figure (Figure 14).

Figure 14.

7. If a dialogue appears about the need to reboot the user’s automated workstation, answer negatively or reboot.

Installing a Personal Certificate and a Trusted Root Certification Authority Certificate
The installation of a user certificate and a trusted root certification authority is performed under the user account that will be used when logging into the personal account of the Electronic Budget system. To add certificates: 1. Launch “CryptoPro CSP” (Start/All Programs/CryptoPro/CryptoPro CSP). In the window that opens, on the “Service” tab, click on the “View certificates in container” button (Figure 15).

Figure 15.

2. In the “Certificates in the private key container” dialog box that opens, click on the “Browse” button and select the used key 15 (a key pre-installed in the USB port or drive, provided on the ruToken/eToken media”) (Figure 16). After that, click on the “OK” button.

Figure 16.

3. To complete the selection of the private key container, click the “Next” button (Figure 17).

Figure 17.

4. In the dialog box that opens, click on the “Install” button (Figure 18).

Figure 18

5. After installation, a notification will appear indicating that the certificate was installed successfully. To confirm, click the “OK” button (Figure 19).

Figure 19.

If during the execution of the actions the message “A new certificate was added to the certificate store” (Figure 20) appears, you must click the “Cancel” button.

Figure 20

6. To install a trusted root certification authority certificate, click the “Properties” button in the certificate selection window (Figure 18).
7. In the window that opens, go to the “Certification Path” tab (Figure 21).

Figure 21.

8. Check if the top-level certificate (Trusted Root Certification Authority certificate) is installed.
Sign (1) indicates that the certificate is not installed.
Sign (2) indicates that the certificate is installed.

If the first certificate in the list has a 1 sign, then click the left mouse button to select this certificate. If the first certificate in the list has a 2, go to step 22 of section 1.3.2 of these instructions.

9. After selecting a certificate, click on the “View Certificate” button. In the window that opens, go to the “Composition” tab and click on the “Copy to file...” button (Figure 22).

Figure 22.

10. In the Certificate Export Wizard that opens, click the “Next” button.
11. Make sure that in the window that opens for selecting the format of the exported certificate, only the option “X.509 files (.CER) in DER encoding” is selected, then click the “Next” button.
12. In the Export File Name window, click Browse.
13. In the “Save As” dialog box, go to the “Desktop” folder, in the “File name” field, specify “Certificate for EB”, click the “Save” button.
14. Make sure that in the “Exported file name” window, in the “File name” field, the path to save the certificate is correctly displayed (for example, C:\Users\0990\Desktop\Certificate for EB.cer). Click "Next".
15. Confirm the successful export of the certificate by clicking the “OK” button.
16. In the “Completing the Certificate Export Wizard” window, click the “Finish” button
17. Go to the “Desktop” folder, find and open the “Certificate for EB.cer” file.
18. In the window that appears, click on the “Install certificate” button (Figure 23). The certificate import wizard will be displayed on the screen, where you need to click the “Next” button.

Figure 23.

19. In the “Certificate Storage” window (Figure 24), select manual placement of the certificate by specifying the “Place certificates in the following storage” field. Click the “Browse...” button.

Figure 24.

20. In the certificate store selection window, select the “Trusted Root Certification Authorities” container. Click the “Ok” button (Figure 25).

Figure 25.

21. In the “Certificate Import Wizard” window, click the “Next” button and then the “Finish” button. If the certificate import is successful, the “Import completed successfully” dialog will be displayed, where you need to click the “OK” button. If a Security Warning window appears, click Yes.
22. Make sure that a personal certificate with a name similar to what was specified in the “Certificate” field in Figure 18 is successfully installed in the “Certificates - Current User - Personal - Registry - Certificates” directory. To do this, run the “Certificates” utility located in “Start/All Programs/CryptoPro/Certificates” and find this certificate in the directory “Certificates – current user – Personal – Registry – Certificates” (Figure 26)

Figure 26

23. If the certificate is missing, return to step 4, click the “Properties” button and install the certificate by following steps 18-21 of section 1.3.2 of these instructions, selecting the “Personal” container in step 20.
24. If the certificate is present, open it. Go to the "Certification Path" tab and check if the Trusted Root Certification Authority certificate is installed in accordance with step 8 of section 1.3.2 of this manual. If the certificate is installed, then the user's automated workstation is successfully configured to work with the System.

Setting up Internet Explorer
1. Open the properties of the Internet Explorer web browser.
2. Go to the “Security” tab.
3. Select the zone for the “Trusted Sites” setting.

Figure 27

4. Click the “Sites” button.
5. In the “Add the following node to the zone” field, set the value “https://ssl.budgetplan.minfin.ru/” and click the “Add” button.

Figure 28

6. In the “Trusted Sites” window, click the “Close” button.
7. In the “Browser Properties” window, click the “OK” button.

Installing the root certificate of the certification center of the Ministry of Finance of Russia
1. Download the file of the root certificate of the certification center of the Ministry of Finance of Russia from the link http://ssl.budgetplan.minfin.ru/caMinfin.cer.
2. Open the downloaded caMinfin.cer file. 3. Follow the steps in the “Installing a personal certificate and a trusted root certification authority certificate” section of this manual.

Problem

When trying to log into the personal account of the GIIS “Electronic Budget”, an error message appears:

This page cannot be displayed

Enable TLS 1.0, TLS 1.1 and TLS 1.2 protocols in the “Advanced settings” section and try connecting to the web page https://ssl.budgetplan.minfin.ru again. If you cannot resolve the error, contact your website administrator.

Solution

It is necessary to check the workplace settings according to the document.

The instructions do not mention several nuances:

1. You need to install CryptoPro EDS Browser plug-in and check its operation on the demo page.
2. It is necessary to disable filtering of the SSL/TLS protocol in the antivirus settings; in other words, for the site you are looking for, you should make an exception for checking a secure connection. It may be called differently in different antiviruses. For example, you need to go to Kaspersky Free “Settings>Advanced>Network>Do not check secure connections” .

lk.budget.gov.ru/udu-webcenter- if you came to this page, it means you tried to log into your Electronic Budget account, but were unable to do so.

Why? Let's try to answer the question.

1. First of all, we check whether you also have the Jinn and Continent TLS programs installed (at the time of writing, version 1.0.920.0 was installed). I advise you to immediately switch to

2. - The main reason why you could not enter the Electronic Budget when all the programs necessary for operation were installed was that the browser was not configured (Mozilla Firefox, Internet Explorer, Google Chrome, Opera). Let's look at the example of popular browsers for working in the Internet.

Browser settings are not required to work in Electronic Budget after switching to Continent TLS 2.0!!!

I advise you to set everything to Internet Explorer!!!

a) Internet Explorer
1. Open web browser properties.
2. Go to the “Connections” tab.
3. Click the “Network Settings” button.
4. In the “Proxy server” section, set the Address: 127.0.0.1, Port: 8080 fields.
5. Click the “OK” button.
6. Go to the “Security” tab.
7. Select the zone for the “Trusted Sites” setting.
8. Click the “Sites” button.
9. In the “Trusted Sites” window, uncheck the “Server verification (https:) is required for all sites in this zone.”
10. In the “Add the following node to the zone” field, set the value “http://lk.budget.gov.ru” and click the “Add” button.
11. In the “Trusted Sites” window, click the “Close” button.
12. In the “Browser Properties” window, click the “OK” button.

b) Google Chrome
1. Open your web browser settings.
2. Go to the bottom of the settings window and activate the “Show additional settings” link.
3. Click the “Change proxy server settings” button.
4. Repeat paragraph 4-12 of section “a) Internet Explorer”.

c) Mozilla Firefox
1. Open the "Tools" menu and select "Settings".
2. Go to the “Advanced” section and go to the “Network” tab.
3. In the “Connection” settings section, click the “Configure…” button.
4. In the connection parameters window that opens, set the value to “Manual configuration of proxy service”.
5. Set the values ​​of the HTTP proxy fields: 127.0.0.1; Port: 8080.
6. Click the “OK” button.
7. In the “Settings” window, click the “Ok” button.

d) Opera
1. Open the “Settings\General Settings” menu.
2. Go to the “Advanced” tab, select the “Network” settings section.
3. Click the “Proxy servers...” button.
4. In the connection settings window that opens, set the value to “Configure the proxy server manually.”
5. For the HTTP protocol, set the values ​​of the proxy server fields: 127.0.0.1; Port: 8080.
6. Set the value to “Use a proxy server for all protocols.”