Contacts
home

Make sure the ssl and tls protocols are enabled. Help with configuring cryptographic programs to work with the Electronic Invoice Portal Delete SSL state

Authorization on the Portal is possible with a valid public key certificate obtained in the public key infrastructures of the certification center RUE "Information and Publishing Center for Taxes and Duties" (hereinafter - RUE IIC) or in the Republican Certification Center State system management public keys verification of electronic digital signature Of the Republic of Belarus (hereinafter - RTC GosSUOK).

Make sure that you have on hand a disc with up-to-date software and a carrier of key information, the so-called. key (e.g. AvPass, AvToken, AvBign).

To work with the portal for submitting electronic invoices, you need:

Open the system properties view: Right key by shortcut Computer (My Computer) - Properties.

Take a look at what the properties look like operating system:

The build year must correspond to the actual release year of the operating system, for example:

  • for Windows XP - 2002
  • for Windows 7 - 2009, etc.

There should be no extraneous pictures, except Windows logo(pre-installed systems from well-known computer manufacturers may also have manufacturer logos and / or activation information).

Common assemblies that can cause problems: ZverCD, ZverDVD, PiterPen, Goletsa, etc.

Cryptographic components are not guaranteed to work on such assemblies.

The subscriber's kit includes:

  • Crypto provider Avest CSP 6.3.0.791;
  • Crypto provider Avest CSP Bel 6.3.0.791;
  • Personal certificate manager 4.0.6;
  • AvCMXWebP plugin 1.1.8;
  • AvJCEProv 1.3.1;

ATTENTION! If this cryptographic software is not installed on the user's PC, then the operation of the entire functionality of the portal and web service is not guaranteed!

Software, which includes a subscriber's kit with appropriate settings for the infrastructure of RUE IIC or RTC GosSUOK and personal certificate organization is distributed on CD. The certificate is usually issued for several years, so the programs transferred on the disk can become outdated over time. On this moment the current version of the encryption provider for users with certificates from the infrastructure of RUE IIC or RTC GosSUOK:

Avest CSP(Check the version by opening Start - All Programs - Avest - Avest CSP - Version tab).

Avest CSP bel(Check the version by opening Start - All Programs - Avest - Avest CSP bel - "Version" tab).

If you have more than old version of the Avest CSP or Avest CSP bel encryption provider, it is best to use the update of the entire subscriber package. For this:

  1. Download and save on your computer an archive with the current subscriber kit for AvToken or AvPass carriers.
  2. The programs are in the archive. Be sure to unzip the archive before installing the programs.
  3. Go to the unpacked directory with the files .. \ AvPKISetup (4.0.6.bign) \.
  4. If you do not have a certificate in your personal directory
    Find the .. \ data \ folder and copy the certificate chain in * .p7b format with your current certificate from RUE IIC into it. The installer will not only update your programs, but will also start importing this certificate into your personal directory.
  5. If you have a valid certificate in your personal directory, then the installation can be started simply in the software update mode: Find the file AvPKISetup2.exe and run it by double-clicking it. The software update wizard will start. Follow the instructions of the installation wizard. Be careful, you may need to restart your computer during the installation process.
  6. detailed instructions for using the automatic installer AvPKISetup is located in the same archive in the folder .. \ AvPKISetup (4.0.6.bign) \ Docs \ Instructions for installing software using AvPKISetup on workplace NCES 2.0.pdf.

Make sure your certificate is valid. Open the personal manager corresponding to the certificate, go through authorization, make sure that the certificate is valid and the SOS has not expired.

SOS expired. Use the button automatic update current Lists revoked certificates.

SOS import

SOS import

If you are using Windows Server 2008R2, Windows Server 2012R1 or Windows Server 2012R2, then you may have problems with authorization over a secure connection. We recommend you the following solution:

  1. Save this file to your computer in a place where you can definitely find it later (for example, select "My Computer" - drive C: \ or the "Downloads" folder).
  2. Unpack the archive.
  3. Run the file with a double click (changes must be made with administrator rights).
  4. Allow changes to the registry.
  5. Restart your computer after making all the changes.

Run Internet Explorer... In the menu bar, you must select the icon with the settings and the item in it.

The Internet / Browser Properties window will open. Select tab "Security".

On the security tab, click on the green checkmark, and then on the button "Nodes / Sites".

A window will open. In field "Add the next node to the zone" enter the address at which you enter the Personal Area (*.site)... Uncheck the box next to the phrase: "All nodes in this zone require server verification (https :)" and press the button "Add".

Then the address will appear in the list of Websites. Press the button "Close".

The tab will reopen "Security"... Press the button "Another".

A window will open with the name "Security Settings - Trusted Sites Zone"... Scroll down to heading ActiveX controls and plugins. ALL what is below this heading to the end of the list should be INCLUDED... Scroll to the bottom of this list and turn on ALL elements of security parameters, and then click the "OK" button.

After pressing the button "OK" a warning window will appear: "Are you sure you want to change the setting for this zone?"... Press the button "Yes".

If you are faced with an issue in which there is an error accessing a specific site, and a message appears in the browser, there is a reasonable explanation. The reasons and solutions to the problem are given in this article.

SSL TLS

Users of budgetary organizations, and not only budgetary ones, whose activities are directly related to finance, in interaction with financial organizations, for example, the Ministry of Finance, Treasury, etc., carry out all their operations exclusively using the secure SSL protocol. Basically, in their work, they use Internet browser Explorer. In some cases, Mozilla Firefox.

SSL error

The main attention, when carrying out these operations, and the work in general, is paid to the security system: certificates, electronic signatures... Used for work software CryptoPro current version... Concerning problems with SSL and TLS protocols, if SSL error appeared, most likely there is no support for this protocol.

TLS error

TLS error in many cases can also indicate a lack of protocol support. But ... let's see what can be done in this case.

SSL and TLS protocol support

So, at using Microsoft Internet Explorer to visit the SSL secured website, the title bar displays Make sure the ssl and tls protocols are enabled... The first step is to enable TLS 1.0 support in Internet Explorer.

If you visit a website that is running Internet Information Services 4.0 or higher, Internet setup Explorer for TLS 1.0 support helps secure your connection. Provided, of course, that the remote web server you are trying to use supports this protocol.

For this in the menu Service select team Internet options.

In the tab Additionally In chapter Security, make sure the following check boxes are selected:

  • Use SSL 2.0
  • Use SSL 3.0
  • Use SSL 1.0

Click the button Apply , and then OK . Restart your browser .

After enabling TLS 1.0, try visiting the website again.

System security policy

If still occur SSL and TLS errors if you still can't use SSL, the remote web server probably doesn't support TLS 1.0. In this case, you must disable the system policy that requires FIPS-compliant algorithms.

To do this, in Control panels choose Administration and then double-click the icon Local security policy.

V local parameters security, expand the node Local Policies and then press the button Security options.

According to the policy on the right side of the window, double click System cryptography: use FIPS-compliant algorithms for encryption, hashing, and signing and then press the button Disabled.

Attention!

The change takes effect after reapplication. local policy security. Turn it on, restart your browser.

CryptoPro TLS SSL

Update CryptoPro

One of the options for solving the problem is updating CryptoPro, as well as setting up the resource. In this case, it is working with electronic payments. Go to the Certification Center. Select Electronic marketplaces as a resource.

After launch automatic tuning workplace, there will be only wait until the end of the procedure, then restart browser... If you need to enter or select a resource address, select the one you need. Also, after completing the setup, you may need to restart your computer.

When visiting a website, if you encounter an error in the first place it is not your fault. This can happen with any browser including Chrome browser, Yandex, Firefox, Internet Explorer or Edge. You may receive another error message while trying to connect to the website. and displays the following error code ERR_SSL_PROTOCOL_ERROR. Most of the time, this error occurs due to a server issue or an issue with an SSL certificate that is rejected by the browser because the certificate has a problem. It is also possible that the downloaded certificate on your PC is corrupted or your PC's configuration for TSL / SSL is misconfigured. In this guide, we'll go over some tips to fix this error.

Error message: This site cannot provide secure connection ... Error code: or ERR_SSL_PROTOCOL_ERROR.

A quick solution to these errors can be - it is not the correct date on the computer and the antivirus. What to do?

  • Check and expose correct date, number and belt.
  • Disable for a while antivirus product or add the certificate to scan exclusions. Disabling antivirus in such a situation can be a dangerous decision if you have something to lose (card data, personal data, passwords). You need to make sure the website is not malicious.

Before proceeding, I advise you to familiarize yourself with what is SSL 3 / TLS on wikipedia or in a Yandex or Google search. Since SSL and TLS protocols are not secure. This may be a temporary solution.

1. Can you access the website using HTTP?

Try to access the site using only HTTP at the beginning of the url and if you see the same problem, the problem is with the website. If you own a website, there are two things you need to check:

  • Is your SSL certificate name the same? Make sure the site name and alias match the actual URL of the website where the certificate is installed.
  • Is your server using RC4 Cipher? If so, you need to fix it.

As a website owner, you also need to check if your CDN supports SSL. Most CDNs now support SSL, and all you need to do is set it up correctly. Otherwise, contact the technical support of your hosting, they will help you.

2. Enable SSL 3 / TLS and disable QUIC protocol

Chrome and Yandex browser:

Disabling QUIC Protocol method in Chrome or Yandex is one of the proven fix methods SSL errors... Therefore, if you want to disable the QUIC protocol in the browser, then copy the following address and paste it into the address bar of the browser chrome: // flags / # enable-quic, then find Experimental QUIC protocol and disable it, Disabled... Restart your browser.


If it does not help, then open the Chrome or Yandex browser and enter in the address bar chrome: // flags... Next, in the search field, write TLS and enable... Also, in the same search field, we write SSL and enable him too. Enabled is translated as enabled.


Edge and Internet Explorer:

Press the button combination Win + R and enter inetcpl.cpl,


Go to the "Advanced" tab and enable " Use TLS 1.1" and " Use TLS 1.2". There is a moment, if it did not work, then go back to these parameters and turn on more SSL 3.0.

Firefox:

Enter about: config in the address bar and press Enter. Next in the search, type tls and find security.tls.version.min. Double click on this parameter and set the value 3 to make the protocol work TLS 1.3... Click "OK" and restart your Firefox browser.



3. Remove SSL State

Press the button combination Win + R and enter inetcpl.cpl, to open internet properties.


Errors of TLS connections in Sberbank Business Online are a problem that users of the system sometimes have to face. Recent times remote control banking operations has become very popular. Many companies and private enterprises have appreciated the convenience of the service: now there is no need to waste time visiting the bank, and account management, filling out payment orders can be carried out right in the office at the desktop. As with any system, malfunctions are not uncommon here. This cannot be avoided. It is better to know in advance about possible problems to deal with them easily.


The work of any service is inevitably associated with the presence of single difficulties in connection

It is impossible to foresee all the errors in the work, but there are the most common ones, which in most cases can be eliminated on your own.

  • Incorrect login and password... Such an inscription on the monitor indicates that the username and password were indeed entered incorrectly. The solution to the problem is simple: reload the page, log in again, but at the same time very carefully specify the ID and password.
  • Error 401... It appears during login. Here, the reason may be the work of the computer itself ( outdated version OS or browser, blocking by antivirus or common failure). The solution is as follows: update the browser, install the Business Online bank service in the anti-virus list of exceptions, or simply re-enter.
  • Control error. Occurs during the formation of a payment document if errors in filling are made. The system automatically accepts the document as out of date. To eliminate this problem, it is worth re-checking all the data entered in the fields of the document, correcting inaccuracies, and re-installing the "payment" check.
  • Internal server error. There is no need to worry at all here and wait a while: all server failures are dealt with by the bank's specialists. It is enough to inform the technical support service about it.


This article contains the most common problems in the bank service and ways to fix them.

Issue number 0100

TLS connection error 0100 Sberbank Business Online warns of problems with the certificate. When entering the system, the procedure for checking and confirming its authenticity takes place. The bank server checks the authenticity of the certificate, expiration date, compares the URL with the specified address in the certificate.

TLS connection error 0140

There can be several reasons for this problem. Of course, this could be a simple program glitch. But most often this is due to the use of an electronic digital signature. It is a user identifier and is used when signing various documents. Most likely, the signature could have expired, and therefore it is outdated and not valid. To do this, you need to update it. If the validity period has not yet expired, you need to check the correctness of filling in the fields. You may need to install Capicom to attach a digital signature. In any case, you need to quickly respond and contact the bank's technical support service for help, having previously indicated the code and actions that precede the occurrence of the error. So that in the future it does not arise similar problems, you need to know when the signature expires.

You can check this in the certificate store. The replacement should be carried out in advance: during the renewal of the certificate, situations may arise in the work when it is necessary to urgently sign any payment documents.


Users often encounter difficulties in working with the bank's service

Issue number 0160

If the message "TLS connection error 0160" appears on the screen in the Sberbank system, this indicates that the service failed to verify the authenticity of the client certificate. This may mean one thing that the pin code has expired. The solution is simple - contact a banking institution to get a new token and pin codes.

Conclusion

Many business structures work with the Sberbank Business Online program, and TLS connection errors are not uncommon. Since the money turnover for many companies is significant, a decision should be made to fix the problem immediately. It cannot be hoped that this is an ordinary system failure. This can be, as well as a problem on the server. But most often this occurs due to the inconsistency of the requirements for the technical equipment when connecting to the program. You should take the software seriously so that such problems do not arise in the future. In any case, in order to speed up the solution of this issue, you should immediately contact the service technical support banking institution.



Did you like the article? Share it
Recommended related articles
Management and functions of the Not Enough Items modManagement and functions of the Not Enough Items mod
Troubleshooting TLauncherTroubleshooting TLauncher
Why isn't Instagram looking for location: the main reasons?Why isn't Instagram looking for location: the main reasons?
Visitors are now discussing
How to clear cache in vk appHow to clear cache in vk app Useful
Basic operations on matrices (addition, multiplication, transposition) and their propertiesBasic operations on matrices (addition, multiplication, transposition) and their properties LG TVs
Lithium polymer batteriesLithium polymer batteries Useful
Identical conversions of logical expressionsIdentical conversions of logical expressions D-link