How to completely remove traces of continent ap. Typical mistakes continent ap. In the “Sky Continent-Up” window that appears, fill in the fields

Last revision: 10/23/2012
INSTRUCTIONS
for installation and configuration
Continent-AP software

I. General provisions 2

II. Preparing to install Continent-AP 3 software

III. Installation of Continent-AP 3 software

IV. Setting up the Continent-AP 8 connection

V. Configuring readers in CIPF CryptoPro CSP 10

VI. Creating Authentication Keys and Certification Request 13

VII. Installing certificates 18

VIII. Checking a secure communication channel 22

IX. Setting up additional work places 30


Abbreviations

ASFC– automated system of the Federal Treasury.

Agreement– an agreement on electronic document management concluded between a third-party organization and the UFK for the Udmurt Republic or geographically remote departments of the UFK for the Udmurt Republic.

Client– a third party organization that has concluded the Agreement.

BYsoftware.

PPO– application software.

CIPF– a means of cryptographic information protection.

SUFD– remote financial document management system.

EDMS– electronic document management system.

I. General provisions

1.1. This “Instructions for installing and configuring Continent-AP software” (hereinafter referred to as the Instructions) is intended for users of Continent-AP software (hereinafter referred to as Continent-AP or Subscriber Station). It contains the information necessary for the user to install, configure and operate the Continent-AP software used when installing a secure communication channel between the Department of Financial Control for the Udmurt Republic and the Client.

1.2. Continent-AP software is provided to the Client under the Agreement.

1.3. Continent-AP software is designed for secure data transmission through public (unprotected) networks. This technology is called a “virtual private network” (VPN). Data protection is ensured by cryptographic methods, as a result of which data is transmitted in encrypted form through the public network. Continent-AP software is installed on the Client’s computer, which connects to a specialized computer of the UFK for the Udmurt Republic - an access server that checks access credentials and allows access to the resources of the secure network of the UFK for the Udmurt Republic.

1.4. The following certificates are used for interaction between the Subscriber Point and the access server:

– access server certificate – for authentication of the access server;

– user certificate – for user authentication on the access server (file user.cer) – hereinafter the authentication certificate;

– certificate of the root certification authority – to confirm the authenticity of the user certificate and the access server certificate (file root.p7b).

1.5. This manual covers working with Continent-AP version 3.5.x.

II. Preparing to install Continent-AP software

2.1. Before installing Continent-AP software version 3.5.x, CIPF CryptoPro must be installed on your computer CSP versions 3.6. As part of the Agreement, the Client is provided with CIPF CryptoPro CSP version 3.6 for temporary use by the Federal Financial Control Department for the Udmurt Republic. The procedure for obtaining CIPF CryptoPro CSP version 3.6 is posted on the official website of the UFK for the Udmurt Republic: www.udmurtia.roskazna. ru, section “Information for clients”, subsection “ Electronic signature" When installing CryptoPro CSP version 3.6 software, use the custom installation of components and additionally select the “Compatibility with CryptoPro CSP 3.0” component for installation, and also make sure that the “Revocation Provider” component is not selected for installation.

2.2. To install on a computer with operating system(hereinafter referred to as OS) MS Windows XP select Continent-AP software version 3.5.67, and for MS Windows 7 OS – software version 3.5.68.

2.3. If Continent-AP software is installed on a computer running MS Windows 2000, it may be necessary to install additional OS updates. To install, select Continent-AP software version 3.5.67.

2.4. All software installation operations described in Section II on the computer must be performed by a user with administrator rights.

III. Installation of Continent-AP software

3.1. Installation of Continent-AP software on a computer must be carried out by a user with administrator rights.

3.2. To install Continent-AP software version 3.5.x, find the file in the Continent-AP distribution setup.exe and run it.

3.3. The installer will begin executing preparatory actions, and a message about this will appear on the screen. After completing the preparatory steps, the start dialog of the installation wizard will be displayed on the screen. Press the "D" button A le >".

3.4. When license agreement, you need to read it and accept its terms (Fig. 1) and click the “D” button A le >".

Rice. 1

3.5. A window will appear to select the folder in which Continent-AP will be installed (Fig. 2). The default software installation folder can be changed using the " AND change..." Having selected a folder, click the "D" button A le >".

Attention! For correct joint operation of the Continent-AP software and the SED software, it is necessary to install Continent-AP strictly in the default folder - “ C:\Program Files\SecurityCode\ClientContinent".

Rice. 2

3.6. When the installation type selection window appears (Fig. 3), check the “ IN custom" and press the "D" button A le >".

Rice. 3

3.7. A window for selecting installation components will open (Fig. 4). In this window, you need to exclude the “Firewall” component from the installation; to do this, left-click on the icon next to the component name and check the “This component will not be available” option. As a result, the Firewall component will look like in Fig. 5. Press the "D" button A le >".

Rice. 4

Rice. 5

3.8. When requesting the IP address of the access server (Fig. 6), leave the value “0.0.0.0” unchanged and click the “D” button A le >".

Rice. 6

3.9. A window will appear warning you about the need for positive responses to all warnings that may appear during the installation of the program (Fig. 7). Click the button U become."

Rice. 7

3.10. The installation of the program and the necessary drivers will begin. During installation, windows may appear warning that the software being installed has not been tested for compatibility with the operating system being used (Fig. 8). Be sure to click the "Don't care" button P continue to give birth."

Rice. 8

3.11. The completion of the program installation will be indicated by the window shown in Fig. 9. Press the button G it's done."

Rice. 9

3.12. After installing the Continent-AP software, you must restart your computer. After loading the OS, an icon of the subscriber point management program will be displayed in the notification area (in the lower right corner of the screen) in the form of a gray shield with the letters “AP” (Fig. 10).

Rice. 10

3.13. In order for applications for the production of authentication certificates to be correctly generated, it is necessary to replace the application template file. To do this, copy the application template file request.xsl on top of the existing one in the installation folder of the Continent-AP software (for software version 3.5.67, the folder “ C:\Program Files\SecurityCode\ClientContinent\"). The template file is located in the folder with installation files Continent-AP software.

IV. Setting up the Continent-AP connection

4.1. When installing Continent-AP software on your computer, a connection with the same name “Continent-AP” is automatically created. For proper operation The subscriber station needs to configure the specified connection. The connection is configured by a user with administrator rights.

4.2. To configure the connection, right-click on the icon of the subscriber point management program (a shield-shaped icon with the letters “AP” in the lower right corner of the screen) and in the context menu that appears, select “Settings → Continent-AP” (Fig. 11).

Rice. eleven

4.3. The properties window for the Continent-AP connection will open. In this window, on the “General” tab (Fig. 12). In field " N phone number:" enter IP address « 78.109.112.138 » or " 10.13.253.21 ", if the "ufkras" connection is additionally used to connect to the access server.

Rice. 12

4.4. Then select the “Network” tab (Figure 13). In this tab, in the “Components used by this connection:” field, uncheck all components except “Internet Protocol (TCP/IP)”, “QoS Packet Scheduler”, “Continent3 Filter Driver”. To complete the connection setup, click the “OK” button.

Rice. 13

V. Configuring readers in CIPF CryptoPro CSP

5.1. The set of readers and storage media used when working with authentication keys for the Continent-AP software is configured in the CIPF CryptoPro CSP (hereinafter referred to as the CryptoPro software).

5.2. Before you start generating authentication keys, make sure that the necessary (planned for use) readers and media are added to the CryptoPro software. To do this, open the control panel (Start → Settings → Control Panel) and open the “CryptoPro CSP” snap-in (Fig. 14).

Rice. 14

5.3. The “CryptoPro CSP” window will open (Fig. 15) (the following are instructions for CryptoPro version 3.6). In this window, select the “Hardware” tab and click the “Configure” button With readers..." A window will appear with a list of installed readers (Fig. 16). If the required readers are not present in the list, you will need to add them. In this case, the addition must be made under a user account that has administrator rights on this computer.

Rice. 15 Fig. 16

5.4. To add the required reader in the “Manage Readers” window, click the “ D add..." (Fig. 16). The “Reader Installation Wizard” window will open, in this click the “ D ale>".

5.5. In the window that appears (Fig. 17), select the required one from the available readers and click the “ D ale>".

Rice. 17

5.6. In the window that appears (Fig. 18), the field “ AND reader name:" leave unchanged and click the " button D ale>".

Rice. 18

5.7. As a result, a window will appear indicating that the reader installation wizard has completed its work (Fig. 19). Click the "Done" button. As a result, a new reader will be added to the list of installed readers (Fig. 16). Close the “Manage Readers” window (Fig. 16) by clicking the “OK” button. Close the “CryptoPro CSP” window (Fig. 15) by clicking the “OK” button.

Rice. 19

VI. Creating Authentication Keys and Certification Request

6.1. To authorize on the UFK access server for the Udmurt Republic, the user must have a private authentication key and a public key certificate. All actions to create authentication keys and a request for certification are carried out on a computer under the account of the user who will subsequently carry out authorization on the access server of the UFK for the Udmurt Republic.

6.2. Right-click on the icon of the subscriber point management program (a shield-shaped icon with the letters “AP” in the lower right corner of the screen) and in the context menu that appears, select “Certificates → Create a request for a user certificate...” (Fig. 20).

Rice. 20

6.3. The form shown in Fig. will open. 21. All fields are required to be filled in with the exception of the “Description” field, this field is not filled in. In this form, a number of restrictions are imposed on the fields “Employee Name:”, “Organization:”, “Division:”. The line length of each field cannot exceed 64 characters. When filling out these fields, you cannot use quotation marks, commas, semicolons, or the “+” sign.

Rice. 21

6.4. In field "Employee Name:" indicate the full name of the Client (this field corresponds to the “common name of the organization” field in the application). If the Client’s name exceeds 64 characters, then shorten it using understandable abbreviations (for example, “Municipal educational institution” - MOU, “secondary school” - secondary school, “State government institution” - GKU, “Municipal education” - MO, etc.). P.). If the Client has more than one Continent-AP workplace, for example, the Client acts as “Revenue Administrator” and “Recipient of Budget Funds”, etc., then after the name it is necessary to add, respectively, “(Workstation AP)”, “(Workstation PBS )" etc.

6.5. In field "Organization:" indicate the full name of the Client, taking into account the restrictions imposed on the field.

6.6. In field "Subdivision:" indicate the name of the unit (department) that exchanges electronic documents with the UFK for the Udmurt Republic. If the organization does not have divisions into departments, then put a dash (the “–” sign).

6.7. In field "Region:" indicate “Udmurt Republic”.

6.8. In field "City:" indicate the name of the corresponding city. For other settlements of the republic, you must indicate: the type and name of the settlement, the region of the republic separated by a dot.

6.9. In field "A country:" select "RU".

6.10. In field « e- mail indicate the Client's email address. It is advisable to indicate addresses related to the Client’s corporate domains, for example, roskazna.ru, minfin.ru, etc., and not on public domains: gmail.com, mail.ru, rambler.ru, etc.

6.11. In field "Electronic form:" the name of the authentication certificate request file will be shown (file with extension .req) and the folder in which it will be saved. The folder for saving the request file can be selected using the “Browse...” button. It is recommended to create on a non-system drive (drive D, E, etc.) a folder “Continent-AP” and a subfolder for the current year (if necessary, additional folders “AP”, “PBS”, etc. can be created)

6.12. Necessarily check the box next to it "paper form:". This field will display the name of the authentication certificate application file (file with extension .html) and the folder in which it will be saved. The folder for saving the application file can be selected using the “Browse...” button. It is recommended to save the application file in the same folder as the request file.

6.13. After filling out the required form fields, click OK.

6.14. A window for selecting a key medium will appear (Fig. 22), which will be used to store the private authentication key, and will subsequently be used to establish a connection with the UFK access server for the Udmurt Republic. If you are using a flash drive as a key storage device, insert a blank flash drive into the computer in the “ U Devices:" select "Disk drive: E" (if the "flash drive" is detected in the system under the letter "E", in your case it can be any other letter) and click the "OK" button.

Attention! It must be remembered that key media are carriers of information for official use, and when storing and using them, it is necessary to comply with the requirements set out in the Rules for the Use of CIPF "Continent-AP", as well as the requirements of the Instructions on organizing and ensuring the security of storage, processing and transmission through channels communications using means of cryptographic protection of information with limited access that does not contain information constituting a state secret, approved by order of the Federal Agency for Government Communications and Information under the President Russian Federation dated June 13, 2001 No. 152.

Rice. 22

6.15. If a biological random number sensor is installed in the CryptoPro software, then after selecting the key carrier, the random number sensor window will appear (Fig. 23). Move the mouse and press keys randomly.

Rice. 23

6.16. A window will appear asking you to set a password for the key container being created (Fig. 24). Set the desired password and click OK. The password must be remembered or written down and stored without allowing it to be disclosed.

Rice. 24

6.17. As a result, a key container will be created on the media selected in paragraph 6.14 with a name in the format “user name”_“creation date”_“creation time” ( ). A message indicating the successful completion of the request creation will be displayed. A request file will be created in the folder specified in paragraphs 6.11-6.12 ( username_DD_MM_YYYY__HH_MM_SS.req) and an application file for an authentication certificate ( ).

6.18. Print the authentication certificate application (from file username_DD_MM_YYYY__HH_MM_SS.html) and fill it out.

6.19. The request file for an authentication certificate and application, as well as other necessary documents, are transferred to authorized persons on issues of secure electronic document management in the Department of Financial Control for the Udmurt Republic in accordance with the established procedure.

6.20. After positive verification and processing of documents, the Client receives a user authentication certificate (file user.cer) and the root certification authority certificate (file root.p7b). These files must be stored in case you need to reinstall the software and/or the certificates themselves. After receiving the certificates, it is recommended to save them in the folder specified in clause 6.11.

VII. Installing certificates

7.1. The installation of certificates is carried out on a computer under the account of the user who will subsequently carry out authorization on the access server of the UFK for the Udmurt Republic.

7.2. To install a user authentication certificate, right-click on the icon of the subscriber point management program (a shield-shaped icon with the letters “AP” in the lower right corner of the screen) and in the context menu that appears, select “Certificates → Install user certificate” (Fig. 25) .

Rice. 25

7.3. A standard Explorer window will open to search for a file (Fig. 26). In this window, find the folder where you copied the certificate files. Choose File user.cer and click the button ABOUT open."

Rice. 26

7.4. A selection window will appear key container(Fig. 27). If the key container was created on removable media and in given time This media is not inserted into the computer, then insert it and click the “Update” button. The container selection window should display all available key containers. Select the container that was created in step 6.17 ( username_DD_MM_YYYY__HH_MM_SS) and click OK.

Rice. 27

7.5. If an error message appears with the text “Incorrect public key of the supplier” (Fig. 28), then you either selected the wrong certificate file in clause 7.3, or selected the wrong one key carrier in clause 7.4. In this case, click the “OK” button and repeat the steps described in paragraphs 7.2-7.4.

Rice. 28

7.6. If up to this point the certificate of the root certification authority of the UFK access server for the Udmurt Republic has never been installed at this workplace, a window will appear asking you to install the root certificate (Fig. 29) click the “Yes, automatically” button.

Rice. 29

7.7. This will begin installing the root CA certificate from the file root.p7b found next to the user authentication certificate file user.cer. A security warning will be displayed on the screen (Fig. 30). Be sure to click the " D A".

Rice. thirty

7.8. The completion of the certificate installation will be indicated by a message indicating the successful completion of the import of the user certificate (Fig. 31). Click OK.

Rice. 31

7.9. If Continent-AP was configured to constantly use one authentication certificate, then in the future it may be necessary to reconfigure Continent-AP to use another authentication certificate (in particular, when changing authentication keys). To make the authentication certificate selection window appear again, follow these steps:

7.9.1. Right-click on the icon of the subscriber point management program and in the context menu that appears, select “Authentication settings → Continent-AP” (Fig. 32).

Rice. 32

7.9.2. The authentication settings window will appear (Fig. 33). In this window, click the “Reset Remembered Certificate” button and then the “OK” button. As a result, the next time you try to establish a connection with the access server, a window for selecting an authentication certificate will be shown (Figure 34).

Rice. 33

Rice. 34

VIII. Checking a secure communication channel

8.1. If during network interaction between the Subscriber Station (hereinafter referred to as AP) and the access server (hereinafter referred to as SD), there are firewalls or other equipment that filters IP packets, you must allow packets to pass through for the following connections on the following ports:

8.2. Access to the SD can be carried out either using an additional “ufkras” network connection or without it. If you use the “ufkras” connection for network communication, then you need to connect it. For all questions related to the “ufkras” network connection (creation, configuration, etc.), please contact the information systems department.

8.3. Initially, it is necessary to check the open communication channel.

8.3.1. To do this, in the “Start” menu, select “Run…” (Fig. 35). The “Launch the program” window will open (Fig. 36). In this window in the field " ABOUT open:" type command " cmd" and click the "OK" button.

Rice. 35 Fig. 36

8.3.2. A command line application window will appear (Figure 36). In this window, type the command “ ping78.109.112.138" or « ping10.13.253.21"(if you are using a “ufkras” network connection) and press the key. If the SD of the UFK for the Udmurt Republic is available, then the result of executing the command will be approximately the same as in Fig. 37 ( numeric values may differ from those shown in the example). Close the command line application window by clicking the cross in the upper right corner of the window.

Rice. 37

8.4. After successfully checking the open communication channel, run the ChannelChecker.exe utility (Fig. 38). The utility is located in the folder with the Continent-AP software installation files, in the Tools folder.

Rice. 38

8.4.1. Leave the “Port” field unchanged (the default value is 7500).

8.4.2. In the “Timeout, s” field, enter the value 10.

8.4.3. In the “Server IP address” field, enter the address of the SD with which interaction is being tested – 78.109.112.138 (10.13.253.21 – when connecting using “ufkras”).

8.4.4. Leave the “Server port” field unchanged (the default value is 4433).

8.4.5. Test. Testing is carried out when the Continent-AP connection is broken. The test result will be displayed in a message box:

– if the connection between the AP and the SD was successfully established, the message “Check completed successfully” will appear;

– if a response from the SD is not received within the period of time specified in the “Timeout” field, the message “Timeout has expired” will appear;

– if during testing the error message “Error Usually one use of the socket address (protocol/network address/port)” is allowed, then you need to check whether it is trying to this moment Continent-AP software establishes a connection - in this case, manually disconnect the connection and try testing again.

8.4.6. If the message “Timeout expired” appears:

1) check that the fields are filled in correctly;

2) if the fields are filled in correctly, change the value in the “Port” field to 7501 and test again - if the test is successful, proceed to paragraph 8.5. this instruction;

3) if the “Timeout expired” message appears again, test using port 7502 - if the test is successful, proceed to step 8.5. this instruction.

8.5. Open “Device Manager” (Fig. 39) (right-click on the “My Computer” icon, select the “Computer Management” menu item), in “ Network cards» find “Continent 3 PPP Adapter”. In the adapter properties on the “Advanced” tab, change the default value in the “UDP Port” field – 7500 – to the required value and click the “OK” button (Fig. 40).

Rice. 39

Rice. 40

8.6. You may also need to check the type of remote access server you are connecting to. To do this, open the properties of the “Continent-AP” network connection, the “Network” tab, “Type of remote access server to be connected:” should be “PPP: Windows 95/98/NT 4/2000, Internet”.

8.7. Upon successful verification of the availability of the SD of the Federal Financial Institution for the Udmurt Republic, right-click on the icon of the AP management program (the icon in the form of a shield with the letters “AP” in the lower right corner of the screen) and in the context menu that appears, select the item “Establish/disconnect connection → Establish connection Continent” -AP" (Fig. 41).

Rice. 41
8.8. A window will appear for selecting the certificate that will be used when connecting (Fig. 34).

Rice. 34

8.9. In the User Certificate: field, click the drop-down icon. A list of all personal certificates installed on this workplace will be shown. In this list, you must select the authentication key certificate issued to your organization (Fig. 42).

Rice. 42

8.10. To check whether you have selected the correct certificate, click the “Properties” button in the certificate selection window (Fig. 34). The properties window for the selected certificate will open (Fig. 43). In this window, in the field “Issued to:” the conventional name of your organization must be indicated, in the field “Issued by:” the name of the root certification authority of the UFK access server for the Udmurt Republic must be indicated ( C.A.- SD13- root). In addition, the correct validity period of the certificate must be specified. After checking the specified parameters, click the “OK” button in the certificate properties window.

Rice. 43

8.11. If the certificate is selected correctly, click the “OK” button in the certificate selection window (Fig. 34). If the connection is made for the first time, a warning will be displayed on the screen that the UFK access server is not on the allowed list and a proposal to add it to the list (Fig. 44). In this case, click the "Yes" button.

Rice. 44

8.12. After this, an attempt will be made to read the private authentication key from the key container. If the key container was created on removable media, and this media is not currently inserted into the computer, you will be prompted to insert the key media. If you successfully attempt to read the key and establish a connection, the AP control program icon (a shield-shaped icon with the letters “AP” in the lower right corner of the screen) will change its color from gray to blue (Fig. 45). In the future, the blue color of the pictogram indicates that at the moment the connection with the SD of the UFK for the Udmurt Republic has been established.

Rice. 45

8.13. To successfully work with the software "ASFK (SUFD)" (hereinafter referred to as the SUFD portal) or the software "SED" through Continent-AP, after establishing a connection with the SD of the UFK for the Udmurt Republic (the AP control program icon is blue), the SUFD portal must be available or FTP server of the UFC in the Udmurt Republic. To check the availability of the SUFD portal of the Federal Financial Inspectorate for the Udmurt Republic, in the “Start” menu, select “Run…” (Fig. 35). The “Launch the program” window will open (Fig. 36). In this window in the field " ABOUT open:" type command " cmd" and click the "OK" button.

8.14. A command line application window will appear (Figure 46). In this window, type the command “ ping 10.13.200.12 " to check the availability of the SUFD portal or " ping 10.13.1.10 » to check the availability of the FTP server and press the key. If the SUFD portal or FTP server of the UFK for the Udmurt Republic is available, then the result of executing the command will be approximately the same as in Fig. 46 (numeric values ​​may differ from those shown in the example). Close the command line application window by clicking the cross in the upper right corner of the window.

Rice. 46

8.15. After checking the availability of the SUFD portal or FTP server of the UFK for the Udmurt Republic, break the connection with the SD, to do this, right-click on the icon of the AP management program and in the context menu that appears, select the item “Establish/break connection → Break Continent-AP connection” ( Fig. 47). The AP control program icon will change its color from blue to gray.

Rice. 47

8.16. If the connection check was successful, it is recommended to configure Continent-AP software to constantly use the selected authentication certificate. To do this, follow the steps described in paragraphs 8.7-8.10. After this, in the certificate selection window (Fig. 48), check the box “always use this certificate when connecting” and click the “OK” button. A connection will be established with the SD of the UFK for the Udmurt Republic (the AP control program icon will change its color from gray to blue). As a result, in the future, when connecting to the SD of the UFK for the Udmurt Republic, the selected authentication certificate will always be used, and the certificate selection window will not appear.

Rice. 48

IX. Setting up additional work places

9.1. When organizing more than one workstation to work with the SUFD portal or EDMS software through one workstation (or server) with Continent-AP software installed, additional settings are required.

9.2. Legend:

1) Server – automated workplace(hereinafter referred to as AWS) with installed Continent-AP software.

2) Client – ​​additional workstation with SUFD portal or EDMS software.

9.3. Settings on the Server.

9.3.1. Check if the Windows Firewall/Internet Sharing (ICS) service is running, if not, start it.

9.3.2. Open « Network connections", in the properties of the Continent-AP connection on the "Advanced" tab, check the box "Allow other network users to use the Internet connection of this computer."

9.4. Settings on the Client.

9.4.1. Add a route from the Client to the “SUFD portal” (or FTP server) through the Server using command line(cmd.exe):

route add 10.13.200.12 mask 255.255.255.255 “Server_IP_address”

9.5. Check the connection from the Client (in this case, a Continent-AP connection must be established on the Server) using the command line (cmd.exe):

Ping 10.13.200.12.

9.6. If the connection check is successful, repeat the command to add a route with the “-p” switch using the command line (cmd.exe):

route add 10.13.200.12 mask 255.255.255.255 “Server_IP_address” -p.

9.7. When using several Clients, the corresponding settings are in clause 9.4. – must be carried out on all workstations.

15. “Error” Insert key media. The keyset does not exist.

15.1 Make sure that the storage medium with the Continent key is inserted.

15.2 When establishing a connection, at the certificate selection stage, make sure that the correct certificate is selected.

15.1.3 Make sure that CryptoPro sees this key.

16. “Error” Insert key media (The “devices” field is empty).

    Make sure that the storage medium with the Continent key is inserted;

    Open CryptoPro and, on the “Hardware” tab, select “Configure readers”;

    In the “The following readers are installed” field, remove all readers by selecting them one by one and clicking the “Delete” button;

    Click "Add";

    The reader installation wizard window will appear. Click "Next";

    At the next step of the reader installation wizard, in the “Manufacturers” field, select “All manufacturers”. And in the “Available readers” list, select “All removable drives”. Click "Next";

    In the window that appears, click “Finish”;

    Try to establish the connection again.

17. “Error” The icon located in the tray has disappeared.

17.1 Go to “Start” => “All programs” => “Security code” => “Continent subscriber point” and select “Management program”.

17.2 If the icon does not appear, right-click on the Windows taskbar (or press ctrl + alt + delete) and select “Task Manager”.

Go to the "Processes" tab and select "AP_Mgr.exe" from the list and click the "End Process" button.

Then repeat step 17.1.

18. The server denied access to the user “Invalid key usage type.”

18.1 Reinstall the certificate by first clearing the “remembered passwords” in CryptoPro. Check the work.

18.2 It is necessary to “fix” the Continent-AP program through the Control Panel => Add and remove programs, or install a new version of Continent-AP.

18.3 Reinstall Continent-AP (restart the computer). Reinstall the certificate.

18.4 Reinstall CryptoPro first (preferably via cspclean.exe), then Continent-AP (restart the computer). Reinstall certificates.

19. The server denied access to the user. “Client-Cert not found” (see Fig. 5).

Solution: Check the validity period of the license for CIPF “CryptoPro” version 3.6. To do this, open the Start menu => Programs => Crypto-Pro => CryptoPro PKI license management (see Fig. 6).

Select the menu item “CryptoPro CSP”. On the right side of the “Manage CryptoPro PKI Licenses” window, the license validity period is indicated (see Fig. 7).

If the license has expired, right-click on the menu bar “CryptoPro CSP”, select the menu bar item “All tasks => Enter serial number"(see Fig. 8). Enter the serial number of the license obtained from the FC authority.

If the license validity period is unlimited, close the “Manage CryptoPro PKI licenses” window and try to establish a Continent-AP connection. If the problem persists, then follow these steps.

It is necessary to remove the Continent-AP certificate from the computer settings and reinstall this certificate. To do this, call the Continent-AP menu by right-clicking on the icon in the lower right corner of the screen.

On the menu "Setting up authentication" activate the command "Continent-AP"(see Fig.9).

The “Continent-AP” window will appear on the screen. Click the button "Reset stored certificate" click the button "OK"(see Fig. 10).

Run the program certmgr.msc from the “Utilities” folder, which is part of the distribution kit “Continent-AP 3.6 with support for Windows7 Distribution kit and user instructions.” The “Certificates” window will appear on the screen. Open the “Certificates - current user” list, then the “Personal” list, then the “Certificates” list (see Figure 11).


Fig.11

Delete all certificates for which “UFK Access Server” or “OFK Access Server” is indicated in the “Issued by” column (see Fig. 12). Close the Certificates window.

Call up the Continent-AP menu by right-clicking on the icon in the lower right corner of the screen.

On the menu "Certificates" activate the command "Install user certificate"(see Fig. 13).

The “Open” window will appear on the screen. Choose File user.cer and press the button "Open"(see Fig. 14). File user.cer may be on a floppy disk or flash drive.

The “Continent-AP” window will appear on the screen with the prompt “Select the key container of the user certificate.” Select the desired key container and click the button "OK"(see Fig. 15). Typically, the initial characters of the key container name match the organization's Taxpayer Identification Number (TIN).

If a message appears on the screen, as in Figure 16, press the button "Yes, automatically"(see Fig. 16). This message will not appear if you reinstall the certificate.

If a message appears on the screen, as in Figure 17, press the button "Yes"(see Fig. 17) . This message will not appear if you reinstall the certificate.

Click the button "OK"(see Fig. 18).

Try establishing a Continent-AP connection. If the problem persists, reinstall Continent-AP. To do this, open the “Start => Settings => Control Panel” menu (see Fig. 19).


Open the “Add or Remove Programs” shortcut (see Figure 20).

Find the line “Continent-AP” in the list of installed programs and click the “Change” button (see Fig. 21).

The “Continent-AP” window will appear on the screen. Click the “Next” button (see Figure 22).

Check the "Correct" box. Click the “Next” button (see Figure 23).

Click the “Install” button (see Fig. 24). Wait for the installation of Continent-AP to complete. This may take a few minutes.


Rice. 24
Click the “Done” button (see Fig. 25).

To restart your computer, click the button "YES"(see Fig. 26).

After restarting your computer, try establishing a Continent-AP connection.

20. "Error" When trying to establish a connection, the message “ The integrity of the subscriber point files has been compromised. Contact your system administrator"(see Fig. 27).

Run the start.bat file from the setup folder, which is located in the archive with the Continent-AP distribution package. Try to establish a connection. If it does not connect, uninstall Continent-AP and install Continent-AP version 3.6 in accordance with the document “User Guide for Installing and Configuring CIPF Continent-AP 3.6.doc”.

Some information taken from the sourcetut- admin. ru/2014/06/11/typical-errors-continent-up/

ORDER

Removing, installing, generating authentication keys for CIPF “Continent-AP”, sending a request to receive an authentication key certificate, issuing a certificate.


  1. Removing a subscriber point of earlier versions
If you had previous versions of the subscriber point installed on your computer Continent AP, must be removed before installation old version. For this:

Start - Control Panel - Add and remove programs – Continent-AP and press Change.

After successfully deleting the subscriber point, click the button Ready and restart your computer.


  1. Installation of a subscriber point
Log in as a computer administrator.

Note. A user who is a member of the local Administrators group has computer administrator rights.

Quit all applications running on your computer.

Execute the file Setup.exe, located in the directory with the distribution kit of the Subscriber Point.

The installer will begin the preparation steps and a message will appear on the screen. After completing the preparatory steps, the start dialog of the installation wizard will be displayed on the screen.


Click the button Further to continue installing the subscriber point

A dialog will appear on the screen containing a license agreement for the use of the software product.

Read the license agreement and, if you accept the terms, check the "I accept the terms of the license agreement" box and click the button Further.


Specify the IP address of the access server


  • to connect viaInternet83. 169.236.3
Click the button Further


Click the button Install

ATTENTION! FOR CORRECT OPERATION OF THE PROGRAM, IT IS NECESSARY TO REPLY POSITIVELY TO ALL WARNINGS THAT MAY APPEAR DURING THE DRIVER INSTALLATION PROCESS!


After installing the subscriber point, click the button Ready

The screen will ask you to restart your computer.



Click the button Yes to immediately restart the computer and start working with the User Point.

  1. Generating private and public (certificate request file) authentication keys.

The generation of authentication keys is carried out on a workstation, defined as a subscriber station of APKSH "Continent-AP", with the following installed on it:

  • cryptoprovider "CryptoPro" CSP 3.6".

  • software "Continent-AP" versions 3.5.68, 3.5.71, 3.6.

To generate private and public keys using "Continent-AP" version 3.x necessary:

Launch "Continent-AP" ( Start - Programs - Information Security - Continent Subscriber Point - Management Program).

Right-click on the icon “Continent-AP” located in the lower right corner of the screen - call the menu “ Certificates – Create a request for a user certificate."

In the window that appears " CIPF Continent-AP » fill in the fields:


In the field “Files for saving a certificate request - electronic form "specifies the path to the file in which the request for issuing an authentication key certificate will be saved. This file (request file with extension req ) will need to be transferred to the UFK for the Republic of Crimea (or the Department of the UFK for the Republic of Crimea).

The “Paper form” field does not need to be checked.

To generate a key, click the button " OK"

In the “CryptoPro” window that appears CSP "you need to select the magnetic media for the key container being created and click the "OK" button (the supported media is a "3.5" floppy disk, OS Registry Windows, Touch Memory DS 1993 – DS 1996, Electronic key with interface USB , Removable media with interface USB).


After pressing the “OK” button, the “CryptoPro CSP” window will appear, in which you can set a password for the created key container (however It is not advisable to set a password, since a lost password cannot be restored!).

The generated request to obtain an authentication key certificate in this case is located on disk C:\k-ap_31-03-2008_151130.req (the name of the request file will be different from the example given), the container with the private part of the key will be located on the selected key media.

The manufactured key container is subject to accounting in accordance with "Instructions on organizing and ensuring the security of storage, processing and transmission via communication channels using means of cryptographic protection of information with limited access that does not contain information constituting a state secret,” put into effect by FAPSI order No. 152 of June 13, 2001.


A generated request for a certificate with the extension *.reqprovide for registration with the UFK for the Republic of Crimea com. No. 110 or in

I told you how to install the Continent AP program on Windows 7. The fact is that this program uses certificates in its work, with the help of which a secure connection is created and data exchange with the Continent AP access server. In this article I will try to tell you how to create a request to issue a certificate for the AP Continent, as well as how to install this certificate in the program.

I will show you, as always, with pictures, although they were made on a computer, under Windows control XP. So let's get started...

After installing Continent AP, a “gray shield” icon should appear in your tray. If you right-click this “shield”, a context menu will appear, as shown in the picture below:



Here you need to select the “Certificates” menu item, and then “Create a request for a user certificate.” The following window will open (Fig. 2):



This form must be completed. Before doing this, do not forget to insert a blank key media. After all, after filling out this form, the generation of private keys will begin, which occurs on the key carrier that is to be rejected. This could be, for example, a flash drive. If you use the Crypto PRO 3.6 or higher program on your computer, then flash drives are enabled by default. And to be more precise, “All removable media”. I do not consider generation to key media of the “Register” type, because This is prohibited in our UFC.


So, let's return to filling out the form (Fig. 2). As you can see, it consists of two blocks. I outlined them in yellow. If everything is intuitive with the upper block (you need to fill in all the fields), then I will dwell in more detail on the lower one. You must immediately check the “paper form” checkbox. It is not installed by default. Using the "Browse" buttons you can select a location to save files. And there will be two of them. *.reg and *.html. File names can be edited as you wish, without changing the file extensions, of course.

By default, the program offers to save under the following name: the name of the computer on the network (I circled it in blue), the date and time the request was created. As can be seen from the figure, the request was created on December 10, 2015 at 9 hours 51 minutes 46 seconds on a computer named “imyacompa”. The last 3 characters are added randomly. They always consist of three digits and I didn’t notice any system in their generation.

It is worth noting that if you downloaded the Continent AP program version 3.5.68.0 from my website, then most likely there is an old printable template. After installing this program, you need to change this template. This is relevant for our region, namely the Chelyabinsk region. Changing the printable template will only affect the printable in *.html format; it will not have any effect on the *.req file.

If your region is using an older template, you must follow the recommendations for your region. You can download the new template from the following link. If you are in our region, then before generating keys and a certificate request, change the template in accordance with the instructions in the attached file.

So, having decided on the name of the files, you can start generating a certificate request by clicking the "OK" button. As mentioned above, we will receive 2 files *.req and *.html, as well as private keys on a flash drive or any other medium.

Next, you must act in accordance with the procedure for submitting requests for a certificate, which is in effect in your UFK. With us, we print out the *.html file on paper and sign it with the owner of the certificate and the head of the organization. Then we transfer a paper copy and a *.req file on removable media to the treasury and in return we receive a certificate.

So, the request was sent to the UFC, we received a certificate. By the way, time may pass between sending the request and receiving the certificate, it’s different for everyone, but the main thing is to wait for the certificate. What's next? And then right-click on the “shield” of the AP Continent and do what is shown in the figure below:



Namely: go again to “Certificates”, and then “Install user certificate”. The arrows in Figure 3 show what needs to be done. Before doing this, insert the key media with the private keys obtained as a result of generation, and also prepare the certificate received from the FK. I copied it onto key media so that it would always be at hand. You can do it your way: rewrite it anywhere, the main thing is that during installation you can get to it. By the way, along with the user certificate, our UFC also issues the root certificate of the AP Continent. This certificate, when installed, must be located in the same directory as the user one. In general, the figure below shows all this:



The AP Continent root certificate is the root file. This certificate is required when installing Continent AP for the first time. After installing the user certificate, the program installs the root one if it is not installed. Otherwise, it does nothing. But if the program does not find the root one the first time, then there will be problems. Therefore, it is better to always have it together with the user certificate in the same directory.

Here, Figure 4, during installation you must, of course, select a user certificate. I have highlighted it in the picture. And the yellow folder is the private keys obtained when generating the request. There are six files with the *.key extension. By the way, the keys are standard for the Crypto Pro 3.6 program. After all, it is she who generates these keys. So, having selected the user certificate, click the “Open” button and get to the following picture:



The top line is precisely the key container with private keys. And at this stage we must indicate to the program the key container corresponding to our certificate. Namely, the one that was generated when creating the certificate request. In general, let me make a small digression... All digital signatures that are generated using Crypto Pro (you don’t think that the keys are generated by Continent AP) consist of two parts:

  • private key is the key container obtained during generation;
  • The public key is a certificate obtained from the treasury.

These parts are connected (again, using Crypto Pro) only if they match each other. It is not difficult to conclude: if one of the parts is lost or damaged, then the entire digital signature stops working. And it is impossible to correct this situation except by generating a new digital signature. There are ways to do copy of digital signature, but I won’t touch on that in this article.

So, back to “our sheep”. In Figure 5, be sure to click on the top line with the key container, and then click “OK”. After all this is done, you will receive the following window:



Well, there’s only “OK”, there are no other ways... Congratulations, the certificate is installed. It's time to check its performance. To do this, we need to do as the following picture tells us:



RMB on the “shield”, go to “Establish/break connection” -> “Establish connection Continent AP” and get into the following window:



Click where the red arrow points (Fig. 8). If you followed these instructions in the previous stages, then at least one certificate will pop up. You must select the one you just installed (see Figure 9):



After selecting it, check the box next to “Always use this certificate when connecting.” In this case, your Continent AP will connect to the server using the specified certificate. Otherwise (if the checkbox is not checked), it will prompt you to select a certificate every time you connect. To find out whether the certificate was selected correctly, you can use the "Properties" button. It will show everything about the selected certificate. At the end, as always, the "OK" button. The process of connecting the AP Continent to the access server will begin. If everything is done correctly, then as a result you will see in the tray how the “shield” has changed color from gray to blue:



If you got the same result as I did, then I am glad to congratulate you on the successful installation of the certificate for the AP continent. After you have connected to the access server, you can download the SUFD and start working in it.

P.S. Well, one more thing: I think that I have outlined everything here in sufficient detail. But some questions may still arise. In this case, write them in the comments below. By the way, for registered users of my site, comments appear immediately, without moderation.

And finally... If you liked this article and learned something new from it, you can always express your gratitude in monetary terms. The amount can be any. This does not oblige you to anything, everything is voluntary. If you still decide to support my site, then click on the “Thank” button, which you can see below. You will be redirected to a page on my website where you can transfer any amount of money to my wallet. In this case, a gift awaits you. After a successful money transfer, you will be able to download it.


The Continent-AP information cryptographic protection system from the developer “Security Code” is a software and hardware complex that provides remote access to the networks of large municipal organizations, such as the State Automated System “Elections” and the Federal Treasury. To update the Continent-AP CIPF, you must completely remove the previous version of this program from your computer: otherwise, installing new software will not be possible due to conflicts with the system.

Working with the program

Continent-AP provides users with the following features:

  • secure access via RDP to computers and portable devices using a special cryptographic algorithm certified according to GOST 28147/89 (operates in gamma mode with feedback);
  • a product of a multi-stage authentication algorithm for remote users based on certificates public keys X.509 standard, which ensures a high degree of security of data transmitted within the framework of the agricultural sector;
  • support for external VPN clients for Linux and Windows OS, incl. electronic keys Token, iKey, iButton identifiers, floppy disks and flash drives;
  • communication with the Continent system with mobile devices and stationary PCs with speeds up to 16 MB per second;
  • much more.

To access CIPF you must use valid certificates root certificate authority:

  • cer – user certificate;
  • p7b – root certificate.

In order to install a root certificate, you must:

  1. Unzip the file with certificates to a key drive - this can be a disk, flash drive or other removable media with a key container where private keys are stored, which are generated by employees of the relevant authorized agency when generating a request for a user certificate. The key container in its content is a folder with attachments like “header.key”, “masks.key”, etc.
  2. Install the certificate in the “Storage” on your PC. To do this, on the panel Windows tasks in the tray, find a shield icon with the inscription “AP” - usually the indicated object is located in the lower right corner of the monitor, next to the time and date settings.
  3. If there is no application in the tray, you will need to launch it from the Start menu. Select the section of the “Start” menu that opens - “Programs”, go to the “Security Code” subsection, to the “Continent Subscriber Point” folder and click on the “Management Program” icon.
  4. In the context menu that opens, go to the “Certificates” section: in the drop-down list, select the “Install certificate” option. user".
  5. Go to “Explorer” - press the Win + E combination and go to the removable media on which the key container file certificates are stored.
  6. Select the file “user.cer” and click “Open”.
  7. In the dialog box that opens, the message “Select a key container...” will appear - click on the name of the key container. After the element is highlighted in blue, tap on “OK”.
  8. When the CryptoPro CSP window appears, enter the access password for the specified container, then click “OK”. Password is issued to the user who submitted the application for the certificate. If the password has been forgotten or lost, you will need to create a new application for the key, and the current certificate should be revoked.
  9. A dialog box will appear in which you need to click on “Yes, manually.”
  10. Now you need to download the certificate called “root.p7b” - go to Explorer to removable media, right-click on the object and select the “Open” context menu option.
  11. Read the text presented in the “Security Warning” window, and then click on the interactive “Yes” button.
  12. The screen will display “Importing custom certificate.” completed successfully."
  13. After clicking the “OK” button, you can connect to the access server.

To delete certificates in Continent-AP, you will need to perform the following operations:

  1. Right-click on the shield icon in the tray on the bottom toolbar: go to the “Settings” context menu item and select the “CIPF Continent-AP” section.
  2. In the “CIPF Continent-AP Properties” dialog box that opens, go to the “Security” tab.
  3. In the “Advanced (custom parameters)” section, click on the “Options...” interactive button.
  4. In the “Advanced Security Settings” menu that opens, in the “Secure Login” section, activate “Properties”.
  5. A dialog box will open with the “Server Dostupa” element on the left side and “CA SD” on the right (a specific user may have other key names). To remove the specified certificates, you will need to click on the button located in the lower right part open window, – “Reset the remembered certificate”, then tap on “OK” and exit “Settings”.
  6. Now you need to completely remove the “.cer” Continent-AP file from the key storage. To do this in Windows 7, you will need to open the “Run” window by pressing the Win + R keys or through the “Start” - “Run” menu. In version 10 of the operating system, you need to click on the magnifying glass icon located in the lower left corner of the display to the right of the Start menu and enter the Run command or press the Win + R combination.
  7. Type the command “certmgr.msc” without quotes, then press “Enter”.
  8. If an error like “Cannot find.msc” appears, complete the following 7 steps; if there is no error, go straight to step 18 of the current instructions.
  9. In the Run window, enter a codeword“mmc” without quotes and click on “OK”.
  10. In the “Console” window, go to the leftmost menu item “File”, select the fifth item in the drop-down list - “Add or remove snap-in”.
  11. In the dialog box that opens, go to the “Isolated Equipment” tab and click on the “Add” button located in the lower left corner of the screen.
  12. A list of available accessories will be displayed on the monitor. Click on “Certificates”, and at the bottom of the “Add isolated snap-in” window, click on the “Add” button.
  13. In the “Certificate Manager Snap-in”, check the box next to the “my account..." and click on "Done".
  14. Exit “Adding equipment” by clicking “Close”.
  15. Certificates will appear in the main part of the active window “Add/Remove...” current user– click on the “OK” button.
  16. A “Console” window called “Certificates” will appear - select objects with “CA SD” in the “Issued by” column located on the right side of the screen and click on the “Delete” option.
  17. In the left side menu, go to the “Trusted” section root centers..." - “Certificates” and uninstall the object called “CA SD”.
  18. Exit "Snap" without saving.
  19. You can reinstall a new “.cr” file.

Uninstalling the program

Before you remove Continent-AP from your computer, you must create a system restore point, since if you uninstall CIPF components incorrectly, problems may arise when you try to install this software and hardware complex on your PC again. To do this you need to do the following:


Now you can safely completely remove Continent-AP 3.6 from your PC and clean the registry of residual files of this program.

Standard uninstallation

In order to remove Continent-AP 3.6 from a PC, it is recommended to follow the instructions:

  1. Exit the program in the tray - click on the shield-shaped icon with the inscription “AP” with the right mouse button, and select the “Exit” option in the context menu.
  2. Make sure that the software is not listed in the list of background processes and in startup. Go to “Task Manager”. You can perform this operation by pressing the combination Ctrl + Alt + Delete and selecting the appropriate “Task Manager” tool, or through the “Run” menu: hold down Win + R and enter the passphrase “taskmgr” without quotes, tap “Enter”.
  3. In the “Processes” tab, end the executable exe of the uninstalled CIPF - right-click on the object and activate the “End task” option.
  4. Go to the “Startup” tab and disable the uninstalled software by right-clicking and selecting the “Disable” option.
  5. Go to the “System Configuration” window. You can perform this action through the magnifying glass icon located to the right of the Start menu - enter the “Configuration” command or the “msconfig” key. You can also get to the configurator window alternative way: hold down Win + R, in “Run” enter the password “msconfig” without quotes – “Enter”.
  6. Go to the “Services” tab, click on “Do not display Microsoft services”, tap “Disable all” (after completing this action, the entire list of startup programs will be cleared). You can disable only the uninstallable CIPF - to do this, find the specified object in the general list of services and uncheck the box located to the left of its name.
  7. In Windows 7, you will also need to go to the “Startup” tab and disable the executing process using the “Disable” option.
  8. Close the “msconfig” window after pressing the “Apply” button.
  9. Reboot the computer.
  10. In OS 10, you need to go to the Start menu, click on the gear icon. In the window " Windows Settings» select the “Applications” subsection.
  11. In “Applications and Features” find the uninstallable “Management Program” using the built-in search string– right-click on the found search result and initiate deletion.
  12. Follow the prompts of the “Installation Wizard” - click “Finish” when the uninstallation process is complete.
  13. Restart your PC.
  14. After turning on the device, go to the “Registry Editor” tool - press Win + R and enter the command “regedit”, tap on “OK”.
  15. In the “Registry Editor” window, select the leftmost menu item “File” - the “Export” section. Specify “All registry” as the export range, then enter any file name and click “Save” in the desired directory. Subsequently, it will be possible to restore data from the specified source using the “Import” option.
  16. Press Ctrl + F and look for residual components of the uninstalled application - click “Find Next”.
  17. The monitor will display a list of entries in the registry: clear individual entries located in “HKEY_CURRENT_USER” and “HKEY_LOCAL_MACHINE”.

Note! Inexperienced users are better off skipping the step of manually cleaning the registry, as there is a high chance that their actions may break the OS. You can use a special tool to clean the registry of residual files, called Reg Organizer. There is a full version of this software solution, and a portable exe that does not require installation.

In order to remove “junk” keys and files from the registry that remained after uninstalling Continent-AP versions 3.5, 3.6 and 3.7 using RegOrganizer you will need:


An alternative way to remove a program

If the user is short on time and urgently needs to remove the Continent-AP program from his computer, then he will need one of the specially developed uninstaller utilities. Best solutions:

  • CCleaner;
  • Revo Uninstaller;
  • Advanced SystemCare (iObit);
  • Uninstall Tool.

All of these applications operate on approximately the same principle: they produce standard deletion applications, and then cleaned file system and a registry from residual software components. For example, in order to completely remove Continent-AP 3.7 using free software CCleaner, you will need to follow the instructions: