Help to configure cryptographic programs to work with the portal of electronic accounts. Make sure the SSL and TLS protocols are included with SSL TLS protocol

Authorization on the portal is possible with a valid open key certificate obtained in the infrastructures of the open keys of the Certifying Center of the RUE "Information and Publishing Center for Taxes and Claims" (hereinafter referred to as IIC RUE) or in the Republican Certification Center State system Control open keys Checks electronic digital signature Of the Republic of Belarus (hereinafter referred to as Ruz Gossovok).

Make sure you have a disk on your hands with current software and key information carrier, so-called. The key (for example, Avpass, Avtoken, Avbign).

To work with the electronic invoicing portal, you need:

Open the viewing of the system: the right key on the computer label (My computer) properties.

Look at what properties look like operating system:

The build year must comply with the real year of the operating system output, for example:

• for Windows XP - 2002
• for Windows 7 - 2009, etc.

There should be no extraneous pictures except windows logo (On pre-installed systems from well-known manufacturers of computers, manufacturers and / or activation information may also be present.

Common builds with which problems may arise: ZverCd, ZverDVD, PITERPEN, Goletsa I.T.P.

The work of cryptographic components on such assemblies is not guaranteed.

The subscriber includes:

• Cryptoprovider Avest CSP 6.3.0.791;
• Cryptoprovider Avest CSP BEL 6.3.0.791;
• Personal certificate manager 4.0.6;
• AVCMXWebp plugin 1.1.8;
• Avjaceprov 1.3.1;

ATTENTION! If this cryptographic software is not installed on the user's PC, the work of the entire functional of the portal and web service is not guaranteed!

Software in which the subscriber's kit includes the appropriate settings for the infrastructure of the IITR RUE or RUC Gossovok and personal certificate Organizations apply to a CD. The certificate is usually issued for several years, therefore programs transmitted on the disk can overreach over time. On the this moment The current version of the cryptoprovider for users with certificates from the infrastructure of the IITR RUE or RUC Gossovok:

Avest CSP. (Check the version by opening Start - All Programs - Avest - Avest CSP - Version Tab).

Avest CSP Bel. (Check the version by opening Start - All Programs - Avest - Avest CSP BEL - Tab "Version").

If you have more on your computer old version Cryptoprovider Avest CSP or Avest CSP BEL, it is best to use the update of the entire subscriber's set. For this:

1. Download and save an archive to your computer with a relevant set of subscriber for Avtoken or AVPASS media.
2. Programs are in the archive. Be sure to unpack the archive before installing the programs.
3. Go to the unpacked directory with files .. \\ avpkisetup (4.0.6.bign) \\.
4. If you do not have a certifice in a personal directory
   Find the folder .. \\ Data \\ and copy the certificate chain in * .p7b format with your current certificate from the IITR. The installer will not only update your programs, but also launches the import of this certificate to a personal directory.
5. If you have a current certificate in the personal directoryThe installation can be started simply in update mode by: Locate the AvpkiSetup2.exe file and start it with a double mouse click. The software update wizard will be launched. Follow the instructions of the installation wizard. Be careful, it is possible during the installation process you will need to restart the computer.
6. detailed instructions On the use of the AVPKISETUP automatic installer, it is in the same Achiv in the folder .. \\ avpkisetup (4.0.6.bign) \\ docs \\ Installation instructions for installing the AVPKISTUP to the NCES 2.0.PDF workplace.

Make sure your certificate is valid. Open a personal manager that matches the certificate, pass authorization, make sure that the certificate is valid and SOS did not expire.

Expite SOS. Use the button automatic update Actual lists of recalculated certificates.

Imports

Imports

If you are using Windows Server 2008R2, Windows Server 2012R1 or Windows Server 2012R2, then you may have problems with authorization over a protected connection. We recommend the following solution:

1. Save this file to a computer in such a place where you will definitely find it (for example, select "My Computer" - disk C: / or the "Download" folder).
2. Unpack the archive.
3. Run the file double click (changes need to be made with administrator rights).
4. Allow me to make changes to the registry.
5. Perform a computer to restart after making all changes.

Launch Internet Explorer.. In the menu bar, select the settings icon and item in it.

A browser / browser properties window opens. Select tab "Safety".

On the Safety tab, click on the green tick, and then on the button "Nodes / sites".

Window opens. In field "Add the following node to zone" enter the address on which the entrance is in personal Area (*.website). Remove the tick opposite the phrase: "For all nodes of this zone, the servers check (https :) And click the button "Add".

After that the address will appear in the list of web nodes. Press the button "Close".

Tab will open again "Safety". Press the button "Other".

Window opens with title "Security parameters - reliable zone zone". Scroll down to the header "ActiveX Elements and Connection Modules". EVERYTHINGthat is below this title until the end of the list must be Included. Scroll through this list to the end down and turn on EVERYTHING Elements of security parameters, after which click the "OK" button.

After pressing the button "OK" A warning window will appear: "Do you really want to change the setting for this zone?". Press the button "Yes".

When visiting the website, if you encountered an error first, it is not your fault of the error. This can happen to any browser, including browser Chrome., Yandex, Firefox, Internet Explorer or EDGE. When you try to connect to the Web site, you can get another error message. and displays the following error code ERR_SSL_PROTOCOL_ERROR. In most cases, this error occurs due to a server problem or a SSL certificate problem, which is rejected by the browser, since the certificate has a problem. It is also possible that the downloaded certificate on your PC is damaged or the configuration of your PC for TSL / SSL is incorrectly configured. In this manual, we will analyze some tips for correcting this error.

Error message: This site can not provide safe connection . Error code: or ERR_SSL_PROTOCOL_ERROR.

The rapid solution of these errors may be - this is not the correct date on the computer and antivirus. What to do?

• Check and exhibit right date, Number and belt.
• Disable at time antivirus Product or add a certificate to the exclusion of scanning. Turning off the antivirus in such a situation can be a dangerous solution if you have something to lose (data cards, personal data, passwords). You need to be sure that he is not malicious.

Before proceeding, I advise you to get acquainted what is SSL 3 / TLS Wikipedia or in the search for Yandex or Google. Since SSL and TLS protocols are not safe. This may be a temporary solution.

1. Can you access the website using HTTP?

Try to access the site using only HTTP at the beginning of the URL, and if you see the same problem, the problem is related to the website. If you are the owner of the website, you need to check two things:

• Does your SSL certificate name matches? Make sure that the name and aliases of the sites coincide with the actual website URL where the certificate is installed.
• Does your server use RC4 Cipher? If so, you need to fix it.

As a website owner, you also need to check if your CDN SSL protocol supports. Most of the CDN now supports SSL, and everything you need is to configure it. Otherwise, refer to the technical support of your hosting, they will help you.

2. Enable SSL 3 / TLS and disable Quic Protocol

Chrome. and Yandex Browser:

Disconnecting the Quic Protocol method in Chrome or Yandex is one of the proven SSL error correction methods. Therefore, if you want to disable the QUIC protocol in the browser, then copy the following address and paste it into the address bar of the browser chrome: // Flags / # Enable-Quic , Find Experimental Quic Protocol and disconnect it Disabled.. Restart the browser.

If it does not help, you open the Chrome or Yandex browser and enter in the address bar chrome: // Flags . Next in the search field we write TLS and turn on. Also, in the same search field, we write SSL and turn on His too. Enabled is translated as enabled.

Edge. and Internet Explorer:

Press the button combination Win + R. and enter inetcpl.cpl,

Go to the "Advanced" tab and turn on " Use TLS 1.1."And" Use TLS 1.2.". There is a moment if it did not work, then go back to these parameters and turn on more SSL 3.0.

Firefox:

Enter about: Config In the address bar and press ENTER. Further in the search dial tLS. and find security.tls.version.min. Click on this parameter twice and set the value. 3 to make the protocol work TLS 1.3.. Click "OK" and restart the Firefox browser.

3. Delete SSL status

Press the button combination Win + R. and enter inetcpl.cpl, To open the properties of the Internet.

TLS errors Connections in Sberbank Business Online is a problem with which sometimes collide to users of the system. Lately remote control Banking operations acquired great popularity. Many companies and private enterprises appreciated the convenience of service: now there is no need to spend time to visit the bank, and account management, the payment of payment orders can be carried out directly in the office at the desktop. As in any system, there are no rare failures in work. This is not avoided. Better to know about possible problemsTo easily cope with them.

The work of any service is inevitably connected with the presence of single difficulties in the connection

It is impossible to provide for all errors in the work, but there are most common, which in most cases can be eliminated themselves.

• Incorrect login and password entry. Such an inscription on the monitor indicates that the login and password really were entered incorrectly. Solve the problem simply: Reload this page, log in again, but at the same time it is extremely carefully specifying an identifier and password.
• Error 401.. It appears during the login. There is a reason for the work of the computer itself ( outdated version OS or browser, locking antivirus or ordinary failure). The output is as follows: Refresh the browser, install a business bank service online to an anti-virus list of exceptions or just re-log in.
• Control error. It occurs when the payment document is generated, if errors are allowed in filling. The system automatically accepts the document as irrelevant. To eliminate this trouble, it is worth releading all the data entered in the document fields, correct inaccuracies, and again set the checks.
• Internal server error. It is not necessary to worry here at all and wait for a while: all the failures of the server are engaged in the bank specialists. It is enough to inform about it in the technical support service.

This article contains the most common problems in the Bank's service and the ways to eliminate them.

Problem number 0100.

Bug TLS connections 0100 Sberbank Business online warns about certificate problems. When entering the system, the procedure for checking and confirming its authenticity. The Bank's server carries out the authentication of the certificate, the validity period compares the URL address with the specified address in the certificate.

TLS error connections 0140

The causes of this problem may be several. Of course, it can be an elementary program failure. But most often this is due to the use of electronic digital signature. It is the identifier of the user and applies when visiting various documents. Most likely, the duration of the signature could expire, and therefore it is outdated and is not valid. To do this, you need to update it. If the validity period has not yet expired, it is necessary to verify the correctness of the filling of the fields. You may need to install Capicom to attach a digital signature. In any case, you need to quickly respond and seek help in the technical support service of the bank, pre-specifying the code and the action preceding the emergence of the error. So that in the future it did not occur similar problems, you need to know when the caption expires.

You can check this in the certificate store. The replacement should be carried out in advance: during the update of the certificate, there may be situations in the work when you will urgently sign any payment documents.

In working with the Bank's service, users are often faced with difficulties.

Problem number 0160.

If the message "TLS error 0160" in the Sberbank system appears on the screen, this suggests that the service failed to check the authenticity of the Customer Certificate. This may mean one thing that the PIN code ended the validity period. The solution is simple - contact the banking institution to obtain a new token and PIN codes.

Conclusion

Many business structures work with the Sberbank Business Program online, and not rare cases of errors of TLS connections. Since the money turning in many companies is essential, then the decision to eliminate the problem should immediately. It is impossible to hope that this is an ordinary system failure. This can be like malfunctions on the server. But most often, this arises due to the inconsistency of the requirements imposed by technical equipment when connecting to the program. It is necessary to seriously approach the software so that there are no such problems in the future. In any case, to speed up the decision of this issue should immediately contact technical support banking institution.

If you encountered a problem at which an error of access to a specific site occurs, a message appears in the browser, there is a reasonable explanation. Causes and ways to eliminate the problem result in this article.

SSL TLS protocol

Users of budget organizations, and not only budget, whose activities are directly related to finance, in cooperation with financial organizations, such as the Ministry of Finance, Treasury, etc., all their operations are carried out exclusively on the SSL protected protocol. Basically, in your work they use Internet Explorer browser. In some cases, Mozilla Firefox.

Error SSL.

The focus, when conducting these operations, and work as a whole, is given to the protection system: certificates, electronic signatures. For work is used software Cryptopro actual version. Concerning problems with SSL and TLS protocols, if a error SSL. Appeared, most likely there is no support for this protocol.

TLS error

TLS error In many cases, it may also indicate the lack of support for the protocol. But ... let's see what can be done in this case.

SSL and TLS Protocol Support

So, for using Microsoft. Internet Explorer to visit the SSL protected web site, the title bar displays Make sure that sSL protocols And TLS are included. First of all, it is necessary to enable support for the TLS 1.0 protocol in Internet Explorer.

If you visit the website on which Internet Information Services 4.0 or above, configuring Internet Explorer to support TLS 1.0 helps protect your connection. Of course, provided that the remote web server you are trying to use supports this protocol.

To do this in the menu Service Select Team Properties of the Observer.

On the tab Additionally In chapter SafetyMake sure the following flags are selected:

• Use SSL 2.0.
• Use SSL 3.0.
• Use SSL 1.0.

Press the button Apply , and then OK . Restart browser .

After turning on TLS 1.0, try to visit the website again.

System security policy

If still occur errors with SSL and TLSIf you still can't use SSL, a remote web server probably does not support TLS 1.0. In this case, you need to disable the system policy that requires FIPS-compatible algorithms.

To do this, in Control panels Choose Administrationand then double click the icon Local security policy.

IN local parameters Security, expand the node Local politiciansand then click Security parameters.

In accordance with the policy in the right part of the window, double-click System Cryptography: Use FIPS-compatible algorithms for encryption, hashing and signingand then click Disabled.

Attention!

Change comes into force after reuse local Policy security. Turn it on, restart the browser.

Cryptopro TLS SSL.

Refresh Cryptopro

One of the solutions to the problem is to update cryptopro, as well as a resource setup. In this case, this is working with emails. Navigate to the Certification Center. As a resource, select electronic trading platforms.

After launch automatic setting workplace, will remain only wait for completion of the procedure, then reload browser. If you need to enter or select the resource address - choose the desired one. Also, at the end of the setting, it may be necessary to restart the computer.