Accreditation on ETP - for those who need
Now there is ithappens.ru/story/6697 , then ithappens.ru/story/6076 , here ithappens.ru/story/12126 similar things happen - accreditation on electronic platforms is done by IT specialists (tyzhprogrammisty), engineers and other technical people
So this post is intended for those who have long been in IT, but they are too lazy to delve into it; for young professionals and, in general, for all to whom this information may be useful. Since the main contingent is here - people are technically savvy, we decided to do without screenshots, onlyhardcore text, if they (pictures) are needed - add at the request of readers :)
It is worth noting that the proposed accreditation steps are not the only correct ones of their kind (there are at least several working options), but many times verified, including on the author’s personal experience.
')
To accredit at the sites is simple. It does not require much inspiration or creative scope. We are regularly contacted in IST-Budget and paid for assistance in accreditation, although a person may well do it himself. But there are still some nuances that can take time and drink blood, especially if there is no time and desire to deal with it in detail. It is about these nuances that will be discussed.
_____________________________________________________________________________
Accreditation is a procedure during which you first set up a user's workplace for each ETP, then fill out an application for accreditation with details and attachment scans of statutory documents, wait for a response from the site about the results of your application (from 1 to 5 days) and if A refusal has arrived - eliminate the causes of the rejection, serve again and go to standby mode. The accreditation procedure takes place once every three years, and every year you need to attach a new electronic signature to the current account, it is quite simple.
ETP - electronic trading platform. The site on which the auctions are placed (not all, but only belonging to this site) and directly go through the procedures for participation in public procurement: submitting an application for participation in the auction, participation in the auction, signing a government contract. ETP conditionally divided into state and commercial. State ETP is represented in the amount of 5:
SBERBANK-AST sberbank-ast.ru ,
Roseltorg www.roseltorg.ru ,
Order of the Russian Federation etp.zakazrf.ru ,
RTS-Tender www.rts-tender.ru
MICEX www.etp-micex.ru .
The procedure for accreditation at each of the sites is approximately identical, we will describe this in more detail below.
The carrier (also known as Etoken, Rutoken, or Smart Card) is a familiar flash drive with a USB interface and an electronic signature certificate “on board”. Keep as the apple of one's eye!
CryptoPro CSP is a cryptographic utility necessary for working with digital signature on a computer. It is worth a penny, has a free period of use (minimum - 1 month) There are analogues, for example, LISSI-CSP.
_____________________________________________________________________________
Well, now closer to thebody of the case. Letters will be many.
- Check the browser version. Immediately clarify - the only browser to work with EDS - IE. There are plug-ins for using EDS in Firefox, but about this, maybe. we will write a separate article. It is desirable that the IE version in the workplace where the EDS is configured does not exceed 9. In versions 10 and 11, some ETPs will not work correctly. You can find out the version of IE in the browser section “Help” - “About the program” :).
- Choose the distribution of CryptoPro. We start with the distribution kit of the CryptoPro utility. You can download it from the disc, which is usually given together with the released EDS; and also, directly from the manufacturer's website www.cryptopro.ru or from one of numerous open sources, for example: taxnet.ru/software/download (the “Distributions” button). When choosing a distribution version, you should be guided by two criteria: 1. If Windows is not higher than 8.0 - choose the version of KriproPro 3.6, respectively, if Windows 8.1 and later (in the future appear the same) - CryptoPro 3.9 and higher. 2. Depending on the bit depth of Windows, choose the type of KriproPro: x64 or x86.
- Install the CryptoPro distribution. You can install the distribution kit without additional settings, which, nevertheless, during the installation process are offered to choose from. If there is a serial number on hand, we drive in immediately, if the license isn’t immediately bought - it doesn’t matter, but it’s better to write down the calendar and take care of the purchase in advance so that there are no unpleasant surprises. After installing the utility, the OS will ask for a reboot, which will need to be done.
- Install the media driver. The next step is to install the digital signature driver. Depending on whether you have a routok or etoken, select the driver and install it in the same automatic mode. Actually, the driver itself is on the drive that you carefully handed over or again via the link: taxnet.ru/software/download (section “Distributions” - Rutoken / Etoken Drivers. There is a slight difference in installing the driver for different types of media: for a rutoken, just install a simple driver in accordance with the bit depth of Windows; the etoken is a bit more capricious, the eToken PKI Client, which is not only a driver, but also a small digital signature control panel, is better suited for installing software. After installing the driver, we restart the computer again.
- Customize the media. Open the control panel, find the CryptoPro icon and launch the utility with Administrator rights. The “Hardware” tab - the “Configure readers” button - the “Add” button (when starting the utility without Administrator rights, the button will most likely be inactive) and from the list of available readers choose the one we need: Active co ru Token 0 (together with Active co ru Token 1 and Active co ru Token 2) or AKS VR 0 (as well as AKS ifdh 0 and AKS ifdh 1), and confirm the choice. Next, in the same tab, click the "Configure media types" button, the "Add" button, and from the list of available media, we again select the ones we need: Rutoken or Etoken.
- Install a personal certificate. Run the CryptoPro utility again - the “Service” section - the “View certificates in container” button - the “Browse” button. In the window of available certificates, select the desired entry (if you previously recorded other certificates on the media - there will be several lines to choose from in the list) and confirm the choice. In the section “Certificate for viewing” - the button “Properties” - the button “Install certificate”.
- Install the certificate of the Certification Authority. As a rule, the CA certificate must be on the disk complete with the EDS and on the website of the Certification Authority itself. When installing a CA certificate, it is important to fulfill the following condition: in the “Certificate Store” section, switch the selection in the “Place all certificates to the following store” field, select Trusted Root Certification Authorities in the list, and confirm your choice. In order to check whether the certificates were installed correctly, launch IE - the “Service” tab - the “Internet Options” section - the “Content” button - the “Certificates” button. In the section of personal certificates we find and open the necessary record, in case of successful installation you will see something like this:
This certificate is intended for:
Protects emails
Confirms the identity of your computer to the remote computer
The class of means EP KS1
The class of means EP KS2
1.2.643.5.5.66.1
If the CA certificate was not installed or expired, or if the personal certificate expired, the message “This certificate could not be verified by following it to a trusted certificate authority” will appear.
Most often, the reason for the denial of accreditation becomes an error (or a series of errors) made when executing the documents required from the company for accreditation.
The following general list of recommendations for the execution of documents and their accurate implementation will help reduce the likelihood of a failed outcome to a minimum.
So, recommendations:
- If the document has more than 1 page (for example, the Charter or the Statement of Taxation), it is necessary to pack the document into the archive. The recommended archive format is zip. If you try to attach archives in rar or 7z format to the site, you may receive error messages.
- The total size of a single file should not exceed 10 MB. If your document weighs more than 10 MB, it is recommended to reduce the page resolution in the document or divide the document into several archives. When splitting a document into several archives, it is highly recommended not to use the basic ability of the archiver to automatically split the archive into part1, part2 ... part100. The ETP operator most likely will not accept such paperwork. The recommended way to split the archive is to manually distribute the document pages into separate folders, assign clear names to the folders (for example: Page_1_1 Statute) and add to the archives.
- it is necessary to scan ALL pages of required documents. Even if they are empty. Even if you think they are not needed. The site (and then the state customers) accept scans of documents for consideration only in that case. if scans of all pages are presented. The most common example: during the accreditation of the IP is required to attach a scan of the passport pages. A certain number of accredited “flies” from the first time, because out of habit, only a page with a photo and registration is scanned.
- All sites, without exception, do not like documents in the format “Order” (Order of appointment, Order of renewal of powers, etc.). The initial creation of documents in the “Decision” format (Decision on the appointment, Decision on the extension of authority ”) will significantly save time.
- If your employees are searching for document templates for accreditation, show them the link: www.roseltorg.ru/suppliers/info/get-accreditation . There is everything for free.
For the correct operation of the digital signature on the electronic platforms, several more actions are needed:
- In IE browser, the section “Service” - “Internet properties” - “Security” - “Trusted sites”. Add to the reliable nodes all five ETP in the following format (http and https):
http: //*.sberbank-ast.ru/
https: //*.sberbank-ast.ru/
http: //*.roseltorg.ru/
https: //*.roseltorg.ru/
http: //*.etp.zakazrf.ru/
https: //*.etp.zakazrf.ru/
http: //*.rts-tender.ru/
https: //*.rts-tender.ru/
http: //*.etp-micex.ru/
https: //*.etp-micex.ru/
When adding addresses to trusted sites, we do not tick “For all sites in this zone, server verification (https :) is required.
- ibid, in the “Security” section, open the “Other” section and in the appeared list scroll to the section “ActiveX controls and connection modules”. In this section, all switches are set to “Enable” and confirm the selection. After this procedure, it is recommended to reopen the “Other” section and view the ActiveX section, sometimes some switches fly to the “off” state.
- Difficulties in accreditation can be created by various browser add-ons, for example: the Skype plugin “click to call” and others. Ideally, if you do not specifically need any specific add-ons, disable everything. You can open the list of add-ons through “Service” - “Add-ons”.
- It will not be superfluous to also disable pop-up blocking.
For successful accreditation, it remains to overcome the last difficulty: installing the Capicom library. At each ETP, this library must be installed separately (Capicom on the RTS-Tender is not suitable for the MICEX ETP, etc.), it is also necessary to take into account an interesting nuance: Capicom is installed in several stages. It looks like this: when you try to open an accreditation form to fill in the data, a sign or a pop-up window appears, calling for the installation of the Capicom library or its accompanying plug-in. Click install the library, the page automatically refreshes and a message appears again about the need to install the library and so on in a circle. At the Sberbank-AST site, it is necessary to additionally install Capicom via the link: 32-bit (http://www.sberbank-ast.ru/Docs/faq/CAPICOM-KB931906-v2102.zip) 64-bit (http: // www. sberbank-ast.ru/Docs/faq/Capicom%20Win7%20(64bit).rar). On some sites, this procedure (installing Capicom - automatic page refresh) must be repeated 5-7 times, before the library is fully installed and another message appears, for example, with a suggestion to enter the pin code of the device.
Useful information: if you are not informed of the PIN of your token, you can try entering the standard code:
- for Rutoken: 12345678
- for Etoken: 123456789 or 1234567890
- fill in all fields in the application forms for accreditation (5 sites = 5 applications), while some fields are not available for manual editing, since autocomplete with information from EDS;
- indicate bank details, incl. and the legal address of your bank;
- attach documents to the relevant sections (at the sites: Sberbank-AST and the Order of the Russian Federation it is necessary, before applying for accreditation, separately sign each attached document);
- send an application for accreditation, confirm the application (a letter will be sent to the post office requesting confirmation of the application);
- prepare for a flurry of calls to the phone number you specified during the accreditation. Will offer - bank guarantees and loans, tender support and other related.
Despite the fact that regular access to the ETP is carried out via an electronic signature, it is recommended to carefully record and save the login / password pairs for each site.
We have no doubt that everyone who first embarked on the accreditation path (pathos +100) will definitely succeed! But if you have any questions - welcome to the comments.
So this post is intended for those who have long been in IT, but they are too lazy to delve into it; for young professionals and, in general, for all to whom this information may be useful. Since the main contingent is here - people are technically savvy, we decided to do without screenshots, only
It is worth noting that the proposed accreditation steps are not the only correct ones of their kind (there are at least several working options), but many times verified, including on the author’s personal experience.
')
To accredit at the sites is simple. It does not require much inspiration or creative scope. We are regularly contacted in IST-Budget and paid for assistance in accreditation, although a person may well do it himself. But there are still some nuances that can take time and drink blood, especially if there is no time and desire to deal with it in detail. It is about these nuances that will be discussed.
For a start, a short four-point glossary:
_____________________________________________________________________________
Accreditation is a procedure during which you first set up a user's workplace for each ETP, then fill out an application for accreditation with details and attachment scans of statutory documents, wait for a response from the site about the results of your application (from 1 to 5 days) and if A refusal has arrived - eliminate the causes of the rejection, serve again and go to standby mode. The accreditation procedure takes place once every three years, and every year you need to attach a new electronic signature to the current account, it is quite simple.
ETP - electronic trading platform. The site on which the auctions are placed (not all, but only belonging to this site) and directly go through the procedures for participation in public procurement: submitting an application for participation in the auction, participation in the auction, signing a government contract. ETP conditionally divided into state and commercial. State ETP is represented in the amount of 5:
SBERBANK-AST sberbank-ast.ru ,
Roseltorg www.roseltorg.ru ,
Order of the Russian Federation etp.zakazrf.ru ,
RTS-Tender www.rts-tender.ru
MICEX www.etp-micex.ru .
The procedure for accreditation at each of the sites is approximately identical, we will describe this in more detail below.
The carrier (also known as Etoken, Rutoken, or Smart Card) is a familiar flash drive with a USB interface and an electronic signature certificate “on board”. Keep as the apple of one's eye!
CryptoPro CSP is a cryptographic utility necessary for working with digital signature on a computer. It is worth a penny, has a free period of use (minimum - 1 month) There are analogues, for example, LISSI-CSP.
_____________________________________________________________________________
Well, now closer to the
1. Installing CryptoPro and certificates: personal and trusted CAs.
- Check the browser version. Immediately clarify - the only browser to work with EDS - IE. There are plug-ins for using EDS in Firefox, but about this, maybe. we will write a separate article. It is desirable that the IE version in the workplace where the EDS is configured does not exceed 9. In versions 10 and 11, some ETPs will not work correctly. You can find out the version of IE in the browser section “Help” - “About the program” :).
- Choose the distribution of CryptoPro. We start with the distribution kit of the CryptoPro utility. You can download it from the disc, which is usually given together with the released EDS; and also, directly from the manufacturer's website www.cryptopro.ru or from one of numerous open sources, for example: taxnet.ru/software/download (the “Distributions” button). When choosing a distribution version, you should be guided by two criteria: 1. If Windows is not higher than 8.0 - choose the version of KriproPro 3.6, respectively, if Windows 8.1 and later (in the future appear the same) - CryptoPro 3.9 and higher. 2. Depending on the bit depth of Windows, choose the type of KriproPro: x64 or x86.
- Install the CryptoPro distribution. You can install the distribution kit without additional settings, which, nevertheless, during the installation process are offered to choose from. If there is a serial number on hand, we drive in immediately, if the license isn’t immediately bought - it doesn’t matter, but it’s better to write down the calendar and take care of the purchase in advance so that there are no unpleasant surprises. After installing the utility, the OS will ask for a reboot, which will need to be done.
- Install the media driver. The next step is to install the digital signature driver. Depending on whether you have a routok or etoken, select the driver and install it in the same automatic mode. Actually, the driver itself is on the drive that you carefully handed over or again via the link: taxnet.ru/software/download (section “Distributions” - Rutoken / Etoken Drivers. There is a slight difference in installing the driver for different types of media: for a rutoken, just install a simple driver in accordance with the bit depth of Windows; the etoken is a bit more capricious, the eToken PKI Client, which is not only a driver, but also a small digital signature control panel, is better suited for installing software. After installing the driver, we restart the computer again.
- Customize the media. Open the control panel, find the CryptoPro icon and launch the utility with Administrator rights. The “Hardware” tab - the “Configure readers” button - the “Add” button (when starting the utility without Administrator rights, the button will most likely be inactive) and from the list of available readers choose the one we need: Active co ru Token 0 (together with Active co ru Token 1 and Active co ru Token 2) or AKS VR 0 (as well as AKS ifdh 0 and AKS ifdh 1), and confirm the choice. Next, in the same tab, click the "Configure media types" button, the "Add" button, and from the list of available media, we again select the ones we need: Rutoken or Etoken.
- Install a personal certificate. Run the CryptoPro utility again - the “Service” section - the “View certificates in container” button - the “Browse” button. In the window of available certificates, select the desired entry (if you previously recorded other certificates on the media - there will be several lines to choose from in the list) and confirm the choice. In the section “Certificate for viewing” - the button “Properties” - the button “Install certificate”.
- Install the certificate of the Certification Authority. As a rule, the CA certificate must be on the disk complete with the EDS and on the website of the Certification Authority itself. When installing a CA certificate, it is important to fulfill the following condition: in the “Certificate Store” section, switch the selection in the “Place all certificates to the following store” field, select Trusted Root Certification Authorities in the list, and confirm your choice. In order to check whether the certificates were installed correctly, launch IE - the “Service” tab - the “Internet Options” section - the “Content” button - the “Certificates” button. In the section of personal certificates we find and open the necessary record, in case of successful installation you will see something like this:
This certificate is intended for:
Protects emails
Confirms the identity of your computer to the remote computer
The class of means EP KS1
The class of means EP KS2
1.2.643.5.5.66.1
If the CA certificate was not installed or expired, or if the personal certificate expired, the message “This certificate could not be verified by following it to a trusted certificate authority” will appear.
2. Requirements for the Company's documents
Most often, the reason for the denial of accreditation becomes an error (or a series of errors) made when executing the documents required from the company for accreditation.
The following general list of recommendations for the execution of documents and their accurate implementation will help reduce the likelihood of a failed outcome to a minimum.
So, recommendations:
- If the document has more than 1 page (for example, the Charter or the Statement of Taxation), it is necessary to pack the document into the archive. The recommended archive format is zip. If you try to attach archives in rar or 7z format to the site, you may receive error messages.
- The total size of a single file should not exceed 10 MB. If your document weighs more than 10 MB, it is recommended to reduce the page resolution in the document or divide the document into several archives. When splitting a document into several archives, it is highly recommended not to use the basic ability of the archiver to automatically split the archive into part1, part2 ... part100. The ETP operator most likely will not accept such paperwork. The recommended way to split the archive is to manually distribute the document pages into separate folders, assign clear names to the folders (for example: Page_1_1 Statute) and add to the archives.
- it is necessary to scan ALL pages of required documents. Even if they are empty. Even if you think they are not needed. The site (and then the state customers) accept scans of documents for consideration only in that case. if scans of all pages are presented. The most common example: during the accreditation of the IP is required to attach a scan of the passport pages. A certain number of accredited “flies” from the first time, because out of habit, only a page with a photo and registration is scanned.
- All sites, without exception, do not like documents in the format “Order” (Order of appointment, Order of renewal of powers, etc.). The initial creation of documents in the “Decision” format (Decision on the appointment, Decision on the extension of authority ”) will significantly save time.
- If your employees are searching for document templates for accreditation, show them the link: www.roseltorg.ru/suppliers/info/get-accreditation . There is everything for free.
3. General browser settings.
For the correct operation of the digital signature on the electronic platforms, several more actions are needed:
- In IE browser, the section “Service” - “Internet properties” - “Security” - “Trusted sites”. Add to the reliable nodes all five ETP in the following format (http and https):
http: //*.sberbank-ast.ru/
https: //*.sberbank-ast.ru/
http: //*.roseltorg.ru/
https: //*.roseltorg.ru/
http: //*.etp.zakazrf.ru/
https: //*.etp.zakazrf.ru/
http: //*.rts-tender.ru/
https: //*.rts-tender.ru/
http: //*.etp-micex.ru/
https: //*.etp-micex.ru/
When adding addresses to trusted sites, we do not tick “For all sites in this zone, server verification (https :) is required.
- ibid, in the “Security” section, open the “Other” section and in the appeared list scroll to the section “ActiveX controls and connection modules”. In this section, all switches are set to “Enable” and confirm the selection. After this procedure, it is recommended to reopen the “Other” section and view the ActiveX section, sometimes some switches fly to the “off” state.
- Difficulties in accreditation can be created by various browser add-ons, for example: the Skype plugin “click to call” and others. Ideally, if you do not specifically need any specific add-ons, disable everything. You can open the list of add-ons through “Service” - “Add-ons”.
- It will not be superfluous to also disable pop-up blocking.
4. Accreditation.
For successful accreditation, it remains to overcome the last difficulty: installing the Capicom library. At each ETP, this library must be installed separately (Capicom on the RTS-Tender is not suitable for the MICEX ETP, etc.), it is also necessary to take into account an interesting nuance: Capicom is installed in several stages. It looks like this: when you try to open an accreditation form to fill in the data, a sign or a pop-up window appears, calling for the installation of the Capicom library or its accompanying plug-in. Click install the library, the page automatically refreshes and a message appears again about the need to install the library and so on in a circle. At the Sberbank-AST site, it is necessary to additionally install Capicom via the link: 32-bit (http://www.sberbank-ast.ru/Docs/faq/CAPICOM-KB931906-v2102.zip) 64-bit (http: // www. sberbank-ast.ru/Docs/faq/Capicom%20Win7%20(64bit).rar). On some sites, this procedure (installing Capicom - automatic page refresh) must be repeated 5-7 times, before the library is fully installed and another message appears, for example, with a suggestion to enter the pin code of the device.
Useful information: if you are not informed of the PIN of your token, you can try entering the standard code:
- for Rutoken: 12345678
- for Etoken: 123456789 or 1234567890
After all the settings made, it remains to perform a standard series of actions:
- fill in all fields in the application forms for accreditation (5 sites = 5 applications), while some fields are not available for manual editing, since autocomplete with information from EDS;
- indicate bank details, incl. and the legal address of your bank;
- attach documents to the relevant sections (at the sites: Sberbank-AST and the Order of the Russian Federation it is necessary, before applying for accreditation, separately sign each attached document);
- send an application for accreditation, confirm the application (a letter will be sent to the post office requesting confirmation of the application);
- prepare for a flurry of calls to the phone number you specified during the accreditation. Will offer - bank guarantees and loans, tender support and other related.
Despite the fact that regular access to the ETP is carried out via an electronic signature, it is recommended to carefully record and save the login / password pairs for each site.
We have no doubt that everyone who first embarked on the accreditation path (pathos +100) will definitely succeed! But if you have any questions - welcome to the comments.
Source: https://habr.com/ru/post/226613/
All Articles