home > Road transport equipment

Sberbank ast entrance with a new certificate. Certificate not associated with user - Sberbank AST

Thank you very much, Mikhail, everything was done promptly and, most importantly, it was clear to me ... Since we have found a common language. I would like to keep in touch with you in the future. I hope for fruitful cooperation.

Olesya Mikhailovna - General Director LLC "VKS"

On behalf of the State Unitary Enterprise "Sevastopol Aviation Enterprise" we express our gratitude for the professionalism and efficiency of your company! We wish your company further prosperity!

Guskova Liliya Ivanovna - manager. SUE "SAP"

Thank you Michael for your help with the design. Very qualified employee +5!

Nadiya Shamilyevna - Entrepreneur IP Anoshkina

On behalf of the company "AKB-Avto" and on my own behalf, I express my gratitude to you and all the employees of your company for productive and high-quality work, sensitive attitude to customer requirements and promptness in the execution of ordered work.

Nasibullina Alfira - Senior Manager"AKB-Auto"

I want to thank the consultant Mikhail for the excellent work, timely and complete consultations. He is very attentive to the client's problems and questions, promptly solving the most difficult situations that would seem to me. It's a pleasure to work with Michael!!! I will now recommend your company to my clients and friends. Yes, and technical support consultants are also very polite, attentive, they helped to cope with the difficult installation of the key. Thanks!!!

Olga Sevostyanova.

Acquisition of the key turned out to be very easy and even pleasant. Many thanks for the assistance to the manager Michael. Explains things that are complex and massive to understand, concisely, but very clearly. In addition, I called the toll-free hotline and left a request online, together with Mikhail. I got the key in 2 business days. In general, I recommend it if you save your time, but at the same time you want to have an understanding of what you are buying and what you are paying for. Thank you.

Levitsky Alexander Konstantinovich Samara

Personal gratitude to the consultant Mikhail Vladimirovich for the prompt consultation and work on the accelerated receipt of the ES certificate. During the preliminary consultation, the optimal set of individual services is selected. The end result is immediate.

Stoyanova N.L. - Chief Accountant LLC "SITECRIME"

Thanks for the quick work and expert help! I was very pleased with the advice!

Dmitry Fomin

LLC "Expert System" thanks the consultant Mikhail for the prompt work! We wish your company growth and prosperity!

Sukhanova M.S. - AppraiserLLC "Expert System", Volgograd

Thanks to the consultant, who introduced himself as Mikhail, for the efficiency in working with clients.

Ponomarev Stepan Gennadievich

Many thanks to the consultant Mikhail, for the assistance in obtaining the EDS. For prompt work and advice on issues arising in the process of registration.

Leonid Nekrasov

The company, represented by consultant Mikhail, does the impossible! Speed ​​up accreditation in less than 1 hour! Payment upon rendering of the service. I thought this didn't happen. With full responsibility, I can advise you to contact the Center for issuing electronic signatures.

Closed Joint Stock Company Sberbank Automated Trading System (Sberbank AST) is an electronic trading platform (ETP) at the federal level. Both commercial organizations and municipal structures can work in the system of procurement of services and goods, and in order to obtain accreditation, users must have an electronic signature. One of the few errors that occur when working on the ETP is related to the inability to match the client certificate with the user.

The trading platform operates on the basis of the Federal Law "‎On the contract system in the field of procurement of goods, works and services"‎, and the provision of the bill applies to all ongoing operations, including the sale of bankrupt property (44-FZ). The client certificate is not associated with the user - one of the errors that sometimes occur when going to the website of the trading platform (https://sberbank-ast.ru). After notification, the system offers re-entry of data for authorization and the procedure for associating a user with an existing certificate. The error looks like this:

It fails for several reasons:

  • the organization or the user has not created a profile on the electronic trading platform;
  • an organization or a user uses a certificate that has not been previously registered on the ETP;
  • This certificate has already been accredited.

Usually, an error is caused by a violation of the entire system of certificates in the Sberbank database.

Debugg

There are several ways to fix the error. First you need to register a new user of the trading platform. In the menu, select the section "Participants" and "Registration". Then go to the block "Registration of a new user" and click "Apply". A window with a list of required documents will open.

To continue registration, the user needs to select a certificate and proceed to fill out the form. Required fields are marked with an asterisk (*). Be sure to indicate a new password and login, because. re-entering an already registered one will result in a system error. After specifying all the data, the form is sent for verification. You can do this automatically if you put the role "Administrator of the organization", or using an email to the address [email protected].

After the application is approved, the user logs in with a new username and password.

Linking a certificate to an ETP

If, upon re-entry with new data, the incompatibility error is repeated, then it is necessary to bind the new certificate to the electronic trading platform. You can do it like this:

  1. Log in to the UIS system (http://www.zakupki.gov.ru/).
  2. Open the check-boxes associated with the bank in "Access rights".
  3. Log out of your personal account, close your browser.
  4. Launch browser and clear cache.
  5. Log in to the UIS system and check the boxes next to the powers of the Sberbank trading platform.
  6. Try to re-authorize on the Sberbank AST website.

Sometimes it takes 2 or 3 attempts to clear the cache to enter. You can also change minor information in personal data to export the result to the marketplace website and fix the error.

If the error repeats even after a few hours when you re-enter, then you need to contact the technical support service of Sberbank AST, as well as the certification center to check the validity of the EDS certificate.

When working on the electronic trading platform of Sberbank, sometimes an error occurs during authorization. The system notification "The client certificate is not associated with the user" indicates that there is no profile on the trading platform or a certificate that is not registered on the ETP is used. Less commonly, an error indicates an already existing accreditation for a given EDS private key. Usually, entry becomes possible after registering a new user or linking a certificate to a personal account on an electronic trading platform. In case of repeated problems with logging in, it is better to contact the user support center and check the health of the certificate and digital signature carrier.



You can get detailed information on registering a certificate on the ETP, as well as information on other sections and sites that are not presented in the instructions, from the support specialists of a particular ETP.

Sberbank-AST

  1. On the main page of the ETP, without entering the Personal Account, click the "For Participants" section and the "Registration" button in the drop-down list.
  2. Click on the "Select" button opposite the item "Registration of a participant user (new electronic signature certificate)" and select one of the buttons on the right:
    - "Apply" - to add a new user.
    - "Bind certificate to registered user" - to renew the certificate of an existing user.
  3. In the form that appears, select a new certificate and click "Fill in the registration form".
  4. Fill in the form fields. If you add a new user, then the login must be different from the previously used one.
  5. Click Sign and Send.

After completing these steps, you can immediately enter the ETP using a new certificate.
ETP technical support.

USP Sberbank-AST (utp.sberbank-ast.ru)

  1. Log in to your ETP personal account using your login and password or a valid certificate that allows you to log in. If you do not remember your username and password, use the "Forgot your password?" on the login page to reset your password. If you do not remember the data, then use site instructions.
  2. Select the "Personal Account" section and the "Register of Representatives" button in the drop-down list.
  3. Click the "Change user certificate data" button for the desired user.
  4. In the required field, upload the public key file of the new certificate and click the "Sign and save" button.


For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

EETP "Roseltorg"

Up-to-date instructions for adding a certificate to sections of Roseltorg are located at https://www.roseltorg.ru/faq/personal. Select the section you need and read the instruction "How to upload an electronic signature (ES)".

For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

National electronic platform

1 way

  1. Log in to your personal account using your login-password, or using the old certificate, if it is still valid, or through the ESIA.
  2. Expand the "My Account" section and select "Download certificates", then specify the desired certificate.

2 way

  1. On the main page of the ETP, without entering the Personal Account, select the "Participants" section and click on the "Registration of Power of Attorney" button in the drop-down menu.
  2. Fill out the form in which you need to specify a new username and password.
  3. In the last field, select a new certificate and click on the "Submit" button.
  4. Within an hour, a letter will come to the mail, in it follow the link and specify a new login and password to enter.

After performing the actions indicated in the methods, it will be possible to immediately enter the ETP using a new certificate.
For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

RTS-Tender

The order of actions of the Participants when working with users of the organization depends on whether the organization of the Participant is registered in the Unified Information System.

— The participant is registered in the EIS

After the registration of the Participant in the UIS, the actions to add users of the organization are performed by the Participant in the Personal Account of the UIS.

— The participant is accredited on the site, but not registered in the EIS

Actions to add a user are carried out on the Electronic Platform. To add an electronic signature to a Participant who is not registered in the EIS:

  1. Open the main page of the RTS tender and select the "44-FZ" section, then the "Participants" section;
  2. Click on the "Add User" section or go to the "Accreditation" section and click on the "Request to add a new user of the organization" link, which is located under the "Continue registration" button;
  3. The "Application for adding a user" form will open. In the "Certificates" field, click the "Select from list" button. Select your certificate and click OK. The data specified in the certificate will automatically fill in a number of fields in the "Application for adding a user" form;
  4. Fill in the required fields marked with "*";
  5. Click the "Submit" button and confirm the action with a certificate. An application for adding an electronic signature is approved automatically within 20-30 minutes.

For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

Order of the Russian Federation "Tatarstan"

  1. On the main page of the ETP, without entering the Personal Account, click on the "Registration" section.
  2. Select the "Add New EDS" button.
  3. Click on the "Organization User" button, select a new certificate and an organization from the list.
  4. Fill out the form in which you need to specify a new login and password, and click on the "Submit for consideration" button.

After completing these steps, you can immediately log in with a new certificate.
For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

ETP RAD

1 way

  1. On the main page of the ETP, without entering the Personal Account, select the "Participants" section and the "Registration of Power of Attorney" button in the drop-down list.
  2. Fill out the form in which you need to specify a new login and password, select a new electronic signature and click on the "Submit" button.
  3. If the message “A user with this certificate is already registered” appears, then click on the “Continue” button.
  4. Fill out the form and select the "Sign and send" button
  5. A confirmation letter will be sent to the e-mail that was indicated in the application, you need to follow the link in it and enter your username and password. An application for adding an electronic signature is approved within an hour after confirmation of the mail.

2 way

  1. Enter the personal account of the ETP using your login and password or a valid certificate that allows you to enter. If you do not remember your username and password, use the "Password recovery" or "Remind password" button on the login page. If you do not remember the data for recovery, then use the instructions on the site.
  2. In the "My Account" section, click on the "Change electronic signature" button.
  3. Select a new electronic signature and click the "Sign and send" button.
  4. On the new page, check the box "I confirm the change of roles" and click the "Sign and send" button.


Users working with EDS and not fully understanding the principle of interaction between EDS and public procurement and tender portals encounter errors associated with incorrect installation of certificates and temporarily inoperable sites. One of the most common errors - "This certificate is not associated with a system user" appears most often on the Sberbank AST portal. How to solve it? Let's try to sort out the available ways to solve this error and the situations in which it can appear.

The certificate is not associated with the user - Sberbank AST. What is the reason?

There can be several reasons, as in any other situation when working with technology. We list the most common:
  • 1. Site work. Maintenance of the Sberbank AST website is accompanied very often with disconnection from the database of registered EDS. In simple terms, when checking that your digital signature belongs to a user registered on the portal with the database disabled, the Sberbank AST portal will most likely give an error that your certificate is not associated with the system user.
  • 2. Unregistered or not accredited ETP user(Electronic Trading Platform). How to get registered or accredited, we will write in detail in the next article, this information is also easily searched on the Internet. In order to register with Sberbank AST, you need to follow this link and follow the instructions: fill in the details of the company, come up with a login, password, passphrase, attach a scanned document confirming your authority, sign with the existing certificate and send it for consideration.
  • 3. Not suitable for ETP certificate. If the certificate was issued not for electronic trading, but you have a registered account to work with the portal, the error "This certificate is not associated with a system user" may appear. Here, the best way out is to call the certification authority (CA) that issued your certificate to resolve the issue. In most cases, technical support specialists will help you remotely through a special program.
  • 4. The certificate has been reissued due to expiration or other reason. In this case, you need to register a new certificate through your personal account.

    • After updating the electronic signature, you do not need to go through accreditation (registration) again, but different ETPs may have peculiarities, so you need to go to the ETP in the account of an accredited organization and specify a new certificate:

    You can get detailed information on registering a certificate on the ETP, as well as information on other sections and sites that are not presented in the instructions, from the support specialists of a particular ETP.

    We also provide paid consulting services for registering an electronic signature on sites, setting up a workplace, assistance in bidding and working on government portals. More details can be found in the price lists of the CA of JSC PF SKB Kontur and Sertum-Pro LLC.

    1 way

    1. Log in to your ETP personal account using your login-password or a valid certificate linked to the ETP.
    2. Select the "Personal account" section and in the drop-down menu click on the "Link a new certificate" button.
    3. In the first field, select a new certificate and click the "Parse Certificate" button.
    4. In the last field of the form, select the certificate that was used earlier and click the "Sign and send" button.

    2 way

    1. On the main page of the ETP, without entering the Personal Account, click the "For Participants" section and the "Registration" button in the drop-down list.
    2. Click on the "Select" button opposite the item "Registration of a participant user (new electronic signature certificate)" and select one of the buttons on the right:
      - "Apply" - to add a new user.
      - "Bind a certificate to a registered user" - to renew the certificate of an existing user.
    3. In the form that appears, select a new certificate and click "Fill in the registration form".
    4. Fill in the form fields. If you add a new user, then the login must be different from the previously used one.
    5. Click Sign and Send.


    1 way

    1. Log in to your ETP personal account using your login and password or a valid certificate linked to the ETP. If you do not remember your username and password, use the "Forgot your password?" button. If you do not remember the recovery data, then use the instructions on the site.
    2. Go to "My Account" - "Register of Representatives", then on the "Register of Representatives" page, click the "Change Representative" button for the required user.
    3. In the form that opens, attach the public key file of the new certificate.
    4. Click Sign and Save.

    2 way

    1. On the main page of the ETP, without entering the Personal Account, click on the "Registration" button.
    2. In the "Registration of a representative with an EDS" block, click on "Submit an application".
    3. In the first field, select a new certificate, and in the last - the previous one, fill in the required fields and click "Sign and save".

    After performing the actions indicated in the methods, it will be possible to immediately enter the ETP using a new certificate.
    For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

    EETP "Roseltorg"

    1. Log in to your ETP personal account using your login and password or a valid certificate linked to the ETP. If you don't remember your username and password, use the "Recover password" button on the login page. If you do not remember the data for recovery, then use the instructions on the site.
    2. Go to the section "Users", "Registry of users".
    3. Select opposite the user "Change data"

    Select the "Upload New EDS" button. Select a new one from the list of certificates and click OK.

    After the appearance of the information message, it will be possible to immediately enter the ETP using a new certificate.
    For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

    1 way

    1. Log in to your personal account using your login-password, or using the old certificate, if it is still valid, or through the ESIA.
    2. Expand the "My Account" section and select "Download certificates", then specify the desired certificate.

    2 way

    1. On the main page of the ETP, without entering the Personal Account, select the "Participants" section and click on the "Registration of Power of Attorney" button in the drop-down menu.
    2. Fill out the form in which you need to specify a new username and password.
    3. In the last field, select a new certificate and click on the "Submit" button.
    4. Within an hour, a letter will come to the mail, in it follow the link and specify a new login and password to enter.

    After performing the actions indicated in the methods, it will be possible to immediately enter the ETP using a new certificate.
    For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

    RTS-Tender

    The order of actions of the Participants when working with users of the organization depends on whether the organization of the Participant is registered in the Unified Information System.

    - The participant is registered in the EIS

    After the registration of the Participant in the UIS, the actions to add users of the organization are performed by the Participant in the Personal Account of the UIS.

    - The participant is accredited on the site, but not registered in the EIS

    Actions to add a user are carried out on the Electronic Platform. To add an electronic signature to a Participant who is not registered in the EIS:

    1. Open the main page of the RTS tender and select the "44-FZ" section, then the "Participants" section;
    2. Click on the "Add User" section or go to the "Accreditation" section and click on the "Request to add a new user of the organization" link, which is located under the "Continue registration" button;
    3. The "Application for adding a user" form will open. In the "Certificates" field, click the "Select from list" button. Select your certificate and click OK. The data specified in the certificate will automatically fill in a number of fields in the "Application for adding a user" form;
    4. Fill in the required fields marked with "*";
    5. Click the "Submit" button and confirm the action with a certificate. An application for adding an electronic signature is approved automatically within 20-30 minutes.

    For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

    Order of the Russian Federation "Tatarstan"

    1. On the main page of the ETP, without entering the Personal Account, click on the "Registration" section.
    2. Select the "Add New EDS" button.
    3. Click on the "Organization User" button, select a new certificate and an organization from the list.
    4. Fill out the form in which you need to specify a new login and password, and click on the "Submit for consideration" button.


    For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

    ETP RAD

    1 way

    1. On the main page of the ETP, without entering the Personal Account, select the "Participants" section and the "Registration of Power of Attorney" button in the drop-down list.
    2. Fill out the form in which you need to specify a new login and password, select a new electronic signature and click on the "Submit" button.
    3. If the message “A user with this certificate is already registered” appears, then click on the “Continue” button.
    4. Fill out the form and select the "Sign and send" button
    5. A confirmation letter will be sent to the e-mail that was indicated in the application, you need to follow the link in it and enter your username and password. An application for adding an electronic signature is approved within an hour after confirmation of the mail.

    2 way

    1. Enter the personal account of the ETP using your login and password or a valid certificate that allows you to enter. If you do not remember your username and password, use the "Password recovery" or "Remind password" button on the login page. If you do not remember the data for recovery, then use the instructions on the site.
    2. In the "My Account" section, click on the "Change electronic signature" button.
    3. Select a new electronic signature and click the "Sign and send" button.
    4. On the new page, check the box "I confirm the change of roles" and click the "Sign and send" button.

    After completing these steps, you can immediately log in with a new certificate.
    For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

    TEK-Torg

    1. Log in to your ETP personal account using your login/password and a valid certificate that allows you to log in. If you don't remember your username and password, use the "Recover password" button on the login page. If you do not remember the data or the certificate has expired, then contact those. platform support.
    2. Select the "Users" section and from the drop-down list the "Users register" button.
    3. Opposite the user's name, click on the link "Change data".
    4. Select the "Upload New EDS" button.
    5. Select a new one from the list of certificates and click OK.

    After completing these steps, you can immediately log in with a new certificate.
    For questions related to work on the site, filling out forms and documents, please contact ETP technical support.

    ETP Gazprombank

    1. Enter the personal account of the ETP using your login and password or a valid certificate that allows you to enter. If you do not remember your username and password, use the "Forgot password" button on the login page. If you do not remember the data, then contact those. platform support: 8 800 100-66-22 .
    2. Select the "Personal Account" section and from the drop-down list the "Settings" button, then "Replacement of ES".
    3. The "Change Electronic Signature" window will appear.
    4. In the list of certificates, select a new one and click the "Change" button.

    After completing these steps, you can immediately log in with a new certificate.
    For questions related to work on the site, filling out forms and documents, please contact ETP technical support

    Sberbank ast does not see the certificate. How to add a new digital signature certificate to Sberbank ast. National electronic platform

    Web service contacts

    If your organization has not previously been registered on sberbank-ast.ru, then you need to be accredited. For this you can use.

    If you have already worked at this site, then you need to register a new, previously not used on the site, certificate. To do this, you must perform the following steps:

    2. Fill out an application for user registration (part of the data is filled in from the certificate automatically by pressing the button "Fill out the registration form"), come up with a login-password for logging in (if you have already used a login for logging into Sberbank-AST, then come up with a new one, different from the previous one) and a passphrase.

    3. Attach and sign a scan of a document confirming the authority of the employee for whom the certificate was issued.

    4. Fill in the captcha (text from the image) and click "Sign and send" .

    After registering a new certificate on the trading platform, you can try to log in again with a new certificate.

    Was the information helpful? Not really

    To authenticate users logging in with a client certificate, you can compare the data contained in the certificate with a Windows user account. There are two ways to match certificates: and. Both of these methods can be applied in the IIS snap-in.

    • Certificate mapping is only possible if a server certificate is installed. For more information about installing a server certificate, see Obtaining a Server Certificate.
    • To ensure that changes made to the certificate matching rules take effect, you must stop and restart the Web site. To do this: In the IIS snap-in, select the web site and either select the command Stop on the menu Action, or click the button Stop object on the toolbar. Then select command Start on the menu Action or click the button Launching an object on the toolbar.

    Mapping overview

    One-to-one mapping

    In a one-to-one mapping, individual client certificates are mapped to accounts. The server compares the copy of the client certificate it has with the client certificate sent by the browser. The two certificates must be exactly the same for a successful match. If the client receives a different certificate that contains the same user information, then the mapping will need to be re-mapped.

    Many-to-one mapping

    Many-to-one matching uses matching rules with wildcards, which allow you to find out if the client certificate contains certain information, such as the issuer name or subject. This matching method does not compare the client certificates themselves, but accepts all certificates that meet certain criteria. If the client receives a different certificate that contains the same user information, then the existing mapping will still be valid.

    Directory Service (DS) Mapping

    Directory Service (DS) certificate mapping uses Windows 2000's built-in Active Directory to authenticate users with client certificates. This comparison method has both advantages and disadvantages. For example, it is an advantage that client certificate information can be shared among a large number of servers. The downside is that wildcard matching is less advanced than what is available in the IIS matcher. For more information about directory service mapping, see the Windows 2000 documentation.

    You can enable directory service mapping only at the basic property level and only when you are a member of a Windows 2000 domain. Enabling directory service mapping removes the use of one-to-one and many-to-one mapping for the entire web service.

    Matching strategies

    Mapping client certificates is very flexible: you can use any of the three ways to map certificates to user accounts. You can map a single client certificate to any number of user accounts, and any number of client certificates to a single account. Certificate mapping can be used in a variety of situations, including:

    • Large networks. On networks with a large number of client certificates, a many-to-one mapping or directory service mapping is used. An administrator has the ability to set one or more rules to map certificates to one or more Windows accounts.
    • Small networks. In networks with a small number of users, you can use one-to-one mapping to provide better control over the use and revocation of certificates, or many-to-one mapping to simplify administration.
    • Additional security. For resources that are only accessible by a few users and require additional security, use a one-to-one mapping. This will ensure that only specific certificates are valid. It also provides support for better certificate revocation policies.
    • Internet. Internet sites authenticating with certificates can use many-to-one mapping, accepting different certificates and matching them all to an account that has rights similar to the IUSR_ account computer_name .
    • For certification service. To allow access to the system for all users logging in with a client certificate issued by a particular organization, you can use many-to-one mapping and set a rule to automatically map any certificate issued by that organization to a user account.

    Note. If you need a more flexible wildcard matching mechanism, take advantage of the IIS Mapper. If the mapping is used to integrate Web sites into a Windows domain, then the Windows DS tool is a better fit. See the Windows documentation for more information.

    Certificate export

    Some certificates are needed export so that they can be used in a one-to-one mapping. Many-to-one mapping does not require you to export certificates. For more information, contact the certificate authority.

    To export the certificate using Internet Explorer version 4.0 or later.

    Note. You can also use this procedure to create a backup copy of the certificate.

    1. In Internet Explorer, open the menu Service and select command Internet Options .
    2. In the dialog box Internet Options open tab Content .
    3. On the tab Content press the button Personal(Internet Explorer version 4.0), or click the button Certificates and open tab Personal(Internet Explorer version 5).
    4. Select a certificate from the list and click the button Export .
    5. In the wizard, click the button Further, select the checkbox No, do not export the private key and press the button Further .
    6. Select a format on the next page Base-64 Encryption X.509 (.CER) and press the button Further. Complete the procedure following the wizard's instructions.

    The certificate is now ready for a one-to-one mapping. You only need to complete this procedure once for each certificate.

    Certificate Mapping

    In a one-to-one mapping, individual client certificates are mapped to accounts. Many-to-one matching uses matching rules with wildcards, which allow you to find out if the client certificate contains certain information, such as the issuer name or subject.

    To map a specific client certificate to a user account (one-to-one mapping)

    1. On the tab Directory security in a group Secure Connections press the button Change .
    2. In the dialog box Secure Connections check the box Change .
    3. On the tab 1 to 1 dialog box, add a new certificate by clicking the button Add, or edit an existing mapping by selecting it and clicking the button Change .
    4. To add a certificate, find its file and open it.

    Note. If you can't find the certificate file, it might need to be exported.

  • In the dialog box Account Mapping enter a mapping name. This name will be displayed in the list in the dialog box.
  • Enter your Windows account name or navigate to it. Enter the password for the account that the certificate is associated with.
  • Click the button OK .
  • Repeat these steps to map other certificates, or to map the same certificate to other accounts.

    • To match a client certificate using a wildcard rule (many-to-one mapping)

    Note. You do not need to export certificates for many-to-one mapping.

    1. On the tab Directory security in a group Secure Connections press the button Change .
    2. In the dialog box Secure Connections check the box Change .
    3. On the tab many to 1 dialog box Account matching press the button Add .
    4. In the dialog box General enter a name for the rule. This name will be displayed in the list of the dialog box. Account matching. You can create rules for the future or disable rules without deleting them; This is what the checkbox is for. Enable this rule. Click the button Further .
    5. In the dialog box rules press the button Create .
    6. In the dialog box Editing a Rule Element select the appropriate criterion and click the button OK .

    Note. Repeat steps 6 and 7 if you want to set a more specific rule.

  • When finished, press the key Further .
  • In the dialog box Mapping enter your Windows user account name or navigate to it. Enter the password for the account that this rule matches.

    Note. If the account that the rule matches against is located on a computer that is a member of a workgroup, you will need to provide the computer name and account name. For example, if you are mapping to the account "RegionalSales" on a computer named "Sales1", then the name would be Sales1RegionalSales.

  • Click the button OK .
  • Repeat these steps to create more matching rules.
  • The order in which the rules are applied can be controlled using the buttons Down and Up. The rules above take precedence.

    • To modify an existing wildcard matching rule (many-to-one matching)

    1. In the IIS snap-in, select the Web site for which you want to configure authentication and open its properties window.
    2. On the tab Directory security in a group Secure Connections press the button Change .
    3. In the dialog box Secure Connections check the box Allow client certificate mapping if it's not already installed. Click the button Change .
    4. On the tab many-to-1 dialog box Account matching highlight the rule and click the button Change .
    5. Make the necessary changes.
    6. When finished, click the button OK .
    • Specific client certificate mappings always take precedence over wildcard mappings.
    • Some client certificates may contain a large amount of identification information and may include additional, non-standard fields. For information about certificate formats, contact your certificate authority.
    • Use as specific rules as possible. A good wildcard rule checks the contents of several different fields and optional fields. For example, the names "Accounting", "Shipping", and "Sales" may appear in an optional field on several of an organization's client certificates. A rule that only matches certificates based on the value of this optional field may result in an incorrect match.

    Important.

    And so let's get started...

    This is not a revelation or a review of absurd lots.
    This is a manual.

    Recently, participation in tenders has become a daily routine - wherever you go, everything is in procurement :)
    And some have problems :(

    So I decided (for myself) to collect everything in one place.

    Deciding on the version of Crypto Pro.
    Firstly, what kind of Crypto Pro is needed (CSP for working on trading platforms with authorization by token is just right).
    Secondly, under what Windows will Crypto Pro work. Not all versions are useful - the old ones do not work under Windows 10, the new ones do not work under XP. Bit depth also matters.
    You say - ha, what a problem. If that one doesn't work, I'll put this one in.
    And I will say - break off.
    The license is purchased for a specific version. If you want to change the version, buy a license for a different version.
    It is especially offensive if the license is perpetual.

    We check the version and performance of the browser. Trading platforms promise normal work through Internet Explorer 8. I will add newer IE here.

    Install CryptoPro CSP.
    When installed, the program works for free for 90 days. Then you need to buy a license. There are annual. There are perpetual. Price difference.

    Installing a personal certificate from a carrier ruToken, eToken or others. You can determine by the inscription on the token:

    • Start - Settings - Control Panel - CryptoPro CSP - Tools tab - "View certificates in container" button
    • The "Browse" button and select the key token container in the container selection window. Ok - Next - enter the default PIN - 12345678 or 1234567890. Select "Properties"
    • In the certificate properties window, click Install certificate - Next
    • Select "Place all certificates in the following store". In the certificate store selection window, click "Browse" - "Personal" - "OK" - "Next" - "Finish" - "OK" - "Finish" - "OK". CryptoPro will close.

    Installing CA Root Certificates
    You can download the certificate from the certification authority website and install it in the Trusted Root Certification Authorities store. To install, simply open the certificate file and follow the prompts of the installation wizard.
    Or open the properties of a personal certificate, go to a higher level - this will be the root certificate of the CA. The "Install" button will appear in the properties of this certificate - you can use it. If there is no button, then the certificate is already installed.

    Install the root certificates of the trading platforms themselves.

    For EETP(http://www.roseltorg.ru/): http://etp.roseltorg.ru/eds/crl/cacer.cer . To install the UETP CA certificate to trusted root certification authorities on your computer, you need to download this certificate to your computer, open it by double-clicking on it.
    Then, in the window that appears, click the Install Certificate button. ". In the Certificate Import Wizard that appears, click Next.
    Then select "Place all certificates in the following store".
    Then click "Browse. "In the window that appears, select the "Trusted Root Certification Authorities" branch, click "OK".
    Then click the "Next >" button. After closing the Certificate Import Wizard with the "Finish" button, the certificate will be successfully installed.

    For zakazrf.ru(http://www.zakazrf.ru): http://www.zakazrf.ru/File.ashx? >After downloading the utility, run it and click "Register OIDs", then "Install certificates"

    For MICEX(http://www.etp-micex.ru/): http://www.etp-micex.ru/library/documents/TLS.rar .
    Download the archive containing the certificates. Save this archive on your computer. Unpack it. The archive contains four TLS security certificates.
    - Select the "micex.cer" root certificate.
    - Click the "Open" button.
    - Click the "Install Certificate" button. ". The "Certificate Import Wizard" will start.
    - Click "Next". - Select "Place all certificates in the selected store".
    - Click Browse. and select the Trusted Root Certification Authorities folder.
    - Click OK.
    - Click Next.
    - Click Finish.
    - In the "Security Warning" window, click the "Yes" button.
    — The certificate is installed.
    Next, install the list of revoked certificates "micex.crl". Click the right mouse button, select "Set CRL Revocation List".
    - The "Certificate Import Wizard" will start.
    - Click Next.
    - Select the item "Automatically select a store based on the type of certificate".
    - Click Next.
    - Click the "Finish" button.
    — The certificate is installed.
    Install the domain certificates "etp-micex.ru.cer" and "www.etp-micex.ru.cer" in the same way.
    - After installing the certificates, restart your browser.
    - If the window "Error in the security certificate of this website" is displayed when logging in via digital signature, check that the TLS security certificates are installed and configured correctly.
    - Click "Continue to this website (not recommended)".

    For RTS(http://rts-tender.ru/): http://www.rts-tender.ru/RTS-tender.ru.exe
    After downloading the utility, run it and carry out the installation procedure according to the installer's messages, agreeing to all suggestions and warnings.

    Installing additional components:
    Additional components must be installed for the certificate store to work correctly. What is needed, what is not - it is easier to walk through the sites and install everything that will be offered by these sites. Most likely, it will not do without Capicom.

    Browser setting.
    To work with the digital signature, you must configure the Internet Explorer security settings:
    1) In the Internet Explorer menu "Tools" -\u003e "Internet Options. » On the Security tab, select the Trusted Sites zone and click the Sites button.
    In the window that appears:
    - uncheck the box "All hosts in this zone require server verification (https:)";
    — in the line "Add a node to the zone" enter the node of the trading platform:

    http://*.roseltorg.ru/ (for EETP)
    https://*.roseltorg.ru/ (for EETP)
    http://*.sberbank-ast.ru (for Sberbank-AST)
    http://*.etp-micex.ru/ (for MICEX)
    https://*.rts-tender.ru (for RTS)
    http://*.rts-tender.ru (for RTS)
    https://*.zakazrf.ru (for zakazrf.ru)
    http://*.zakazrf.ru (for zakazrf.ru)
    http://*.rosreestr.ru/ (for Rosreestr portal)
    https://*.rosreestr.ru/ (for the Rosreestr portal)

    and click the "Add" button (each node is added separately).
    Click "Close".
    In the "Security level of this zone" section for the "Trusted Sites" zone, click the "Custom" button.
    In the Security Settings window that appears:
    - select the security level "Low", click "Reset" and agree with the security warning. — configure the settings for launching ActiveX elements. To do this, in the "ActiveX controls and plug-ins" branch, set all the settings to "Enable" or "Allow", and then click OK to save the settings of the "Trusted Sites" zone.

    2) Go to the "Privacy" tab, uncheck "Enable pop-up blocker".
    3) Go to the "Advanced" tab, click "Restore advanced settings". Then check SSL 2.0 (Windows XP only) or deselect SSL 2.0 (Windows 7 only) and select TLS 1.0
    4) After changing the Internet Explorer security settings, click "Apply", then "OK". After the security settings have been made, be sure to restart the Internet browser.

    Test pages to check the settings:

    Sberbank AST - http://www.sberbank-ast.ru/TestDS.aspx - soft test
    EETP - https://etp.roseltorg.ru/user/checkcertificate - medium check
    MICEX - http://www.etp-micex.ru/index/test-page - detailed check

    When renewing a certificate:

    Install a new personal certificate from media.
    — Install the root certificates of the Certification Authority.
    — Activate your new certificate on trading platforms:

    Sberbank-AST— http://www.sberbank-ast.ru/
    On the main page, click "Login"
    In the "Certificate Login" section, select a new certificate
    Click "Sign and login"
    The message "This certificate is not associated with a system user" is displayed.
    Enter your username and password in the form below
    Click "Login"
    We try to enter the site using a certificate, if it doesn’t work, then on the “Participants” tab, click “Application for user registration”
    We fill in all the fields with asterisks, while inventing a new login and password

    Trying to login with a certificate

    EETP "Roseltorg"— http://etp.roseltorg.ru/

    In the "Authorized person" section, click "Change data"
    Click "Upload New EDS"
    Choosing a new certificate
    Click "Sign and Send"
    Trying to login with a certificate

    Why does not see the certificate in Sberbank ast. How to add a new digital signature certificate to Sberbank Ast

    Greetings, dear colleagues! As you know, the accreditation period for an order placement participant (URZ) on electronic trading platforms according to 94-FZ is 3 years, but an electronic digital signature (EDS) is issued to us for only a year, so after the expiration of the EDS, the question arises: "How to register a new EDS on the site?". In fact, this is an absolutely simple procedure.

    In today's article, I will analyze in detail an example of registering a new EDS on the Sberbank-AST electronic site, and in the following articles we will consider other sites with you.

    You have received a new digital signature and we believe that it is already installed on your computer. As a rule, certifying centers, along with the key, provide a disk with software (a cryptographic program) and an installation manual. Therefore, we will not dwell on this issue. If someone has any questions on this topic, then write them to our support service, and we will try to answer you.

    Important. In the article, all the screenshots presented are clickable; to enlarge the image, you need to click on it once with the left mouse button.

    And so let's get started...

    Step 1 We go to the site "Sberbank-AST"

    We find the tab "Participants" and from the drop-down menu select the item "Application for user registration".

    Step 2 Select your new EDS from the list

    In the window that appears, select your new digital signature from the list and click on the "Fill in the registration form" button, in the modal window that appears, enter your PIN code and click the "OK" button.

    Step 3 Filling out the registration form

    After you have completed Step 2, a registration form will appear in front of you. Part of the data in this form will be filled in automatically from the certificate, but you need to fill in the remaining empty form fields yourself.

    After you have filled in the empty fields, you will need to attach and then sign a document confirming the authority of the EDS owner.

    If the EDS is issued to the head, then this is either a decision on the appointment or a protocol on the election.

    If the EDS is not issued to the head, then this is a power of attorney for the owner of the EDS, as well as a document confirming the authority of the person who issued the power of attorney.

    Then we come up with a new login, password and code word, you can leave the old ones that you indicated during accreditation at the site.

    Once again, we check the correctness of filling in the fields, fill in the captcha (letters from the picture) and click on the "Sign and send" button

    Step 4 We enter your personal account with a new EDS

    Once you have signed and submitted the registration form, the system will give you a notification that your registration application has been successfully submitted.

    Now you can enter your personal account with a new EDS, as you usually did.

    That's all! I wish you successful work and new victories. See you in the next articles.

    Binding a new certificate may be associated with different situations. For example, it has expired, which is 1 year. Or the old certificate is lost. There are cases when an unscheduled replacement and binding is needed. If an old employee stops working on projects for ETP and a new person appeared.

    Login to LKS Sberbank-AST produced according to the EP certificate. If it is impossible to enter the personal account, the system issues that the user of the system and the client certificate are not comparable, then you need to bind a new one.

    Instructions for linking a new certificate on the site Sberbank-AST :

    1. You need to fill out and submit an application for registration of a new user. Go to the open part of the site, find it in the "Participants" menu. Expand this section and click on "Register". Then click the "Select" and "Submit Application" button. There is a button in the field "Registration of the user of the participant".
    2. Choose from the proposed list specifically your ES certificate. Then, fill in the form fields. Some fields are filled in automatically (TIN, OGRN, etc.), and the login and password are new.
    3. Sign an application for accreditation of a new ES. Wait for confirmation that it works successfully.
    4. Within five minutes, the new ES will become active. It will be possible to go back to the LC and continue working.
  • After that, you can go to your personal account using a new certificate.

    National electronic platform

    RTS-Tender

    1. On the portal www.rts-tender.ru, without going to the "Personal Account", you must select the menu 44-FZ - Participants - Add a user.

    Order of the Russian Federation "Tatarstan"

    1. Select a new certificate.

    Sberbank-AST

    1. By clicking on the link www.sberbank-ast.ru/freeregister.aspx, on the main page, go to the section "Participants" - "Registration" - "Registration of a participant user (new electronic signature certificate)" - "Submit an application".

    «

    USP Sberbank-AST (utp.sberbank-ast.ru)

    1. Go to "My Account" - "Register of Representatives", then on the "Register of Representatives" page, click the "Change Representative" button for the desired user.
    2. Click "Sign and Save" .
    3. After completing these steps, you can immediately log in with a new certificate.

    And enter your personal account using a login-password or other certificate.

    If there is no other valid certificate and you cannot remember your login password, you must provide an official letter drawn up in a Microsoft Office Word document and signed by the authorized person's ES. The letter is sent to the Site through the User Support Center.

    The mail specified in the letter must be unique, i.e. not be used by other users of the Site. The form of the letter is available at the link https://www.roseltorg.ru/trade/faq/, the question is "How to recover a lost login and password?"

    In the upper right corner in the "User" section, click on the user's name.

    The profile editing page will open, click on the "Upload new ES" button.

    A list of certificates will appear, select the one you need, click OK.

    The message “Success! You can continue to work."

    After that, you can go to your personal account using a new certificate.

    National electronic platform

    1. On the main page www.etp-micex.ru, go to the "Participants" section and select "Registration of power of attorney"
    2. Fill out the form in which you must specify a new username and password.
    3. Within an hour, an email will be sent to your email with a link that you need to follow and enter a new username and password.
    4. After that, you can try to enter your personal account using a new certificate.​

    RTS-Tender

    1. On the portal www.rts-tender.ru, without going to the "Personal Account", you must select the menu 44-FZ - Participants - Add a user.
    2. In the form that opens, click the "Select from the list" button at the top, part of the data will be filled in from the certificate, the rest is filled in manually, you must specify a new login password and code word. After filling in all the fields and entering the captcha (text from the image), click "Submit".
    3. A notification from the site about the registration of a new certificate should be received within 24 hours. You will not be able to log in with a new certificate right away.

    Order of the Russian Federation "Tatarstan"

    1. You need to go to the etp.zakazrf.ru portal, on the "Registration" tab, click "Submit a request to add a new organization user".
    2. Select a new certificate.
    3. Fill in all fields with asterisks, incl. you need to specify a login password for logging in (a login that is different from the previously used one) and a passphrase.
    4. Attach a scan of a document confirming the user's authority (if you are in doubt about which document to attach, contact the technical support of the portal).
    5. Click "Sign and Send".
    6. A notification from the site about the registration of a new certificate should be received within 24 hours; it will not be possible to immediately enter using a new certificate.

    Sberbank-AST

    1. By clicking on the link www.sberbank-ast.ru/freeregister.aspx, on the main page, go to the section "Participants" - "Registration" - "Registration of a participant user (new electronic signature certificate)" - "Submit an application".
    2. Fill out an application for user registration (part of the data is filled in automatically from the certificate by clicking the "Fill in the registration form" button), come up with a login password for logging in (if you have already used a login for logging into Sberbank-AST, then come up with a new one that is different from the previous one) and passphrase.
    3. Attach and sign a scan of a document confirming the authority of the employee for whom the certificate was issued. What kind of document this is, they should know in the organization itself, because. in different situations it can be a different document.
    4. Fill in the captcha (text from the image) and click "Sign and send".

    If your certificate has a role (OID) « Organization administrator”, then the application will be accepted automatically and you can immediately enter your personal account using a new certificate.

    If the certificate does not contain the “Organization Administrator” role, then you must either contact another user of this organization with the “Administrator” rights with a request to approve the application in his personal account, or contact the ETP Sberbank-AST technical support at

    USP Sberbank-AST (utp.sberbank-ast.ru)

    1. Log in to your personal account by entering your username and password.
    2. Go to "Personal Account" - "Register of Representatives", then on the "Register of Representatives" page, click the "Change Representative" button for the desired user.
    3. In the form that opens, attach the public key file of the new certificate.
    4. Click "Sign and Save" .
    5. After completing these steps, you can immediately log in with a new certificate.

    You can get more detailed information from the technical support specialists of a particular ETP.

    If you do not remember your login password, use the "Forgot your password?" on the login page to reset your password. If you do not remember the data that you need to specify to recover your password, you should contact ETP technical support.

    Getting to the bank's website, users are increasingly encountering an error - "The client certificate is not associated with the user" Sberbank AST. After that, the system usually prompts you to enter user data for authorization, as well as for association of the certificate with the user. Why this error occurs and what to do is what we have to decide in this article.

    Why does a certificate-to-user association message appear?

    When you get to the page of the bank's web service https://sberbank-ast.ru with your current certificate. This happens for several reasons:

    • Your organization did not create a profile in the ETP of Sberbank;
    • A certificate is used that has not previously been registered in the ETP;
    • Accreditation has already been carried out on this certificate.

    This error occurs due to a general change of certificates for purchases in the Sberbank system.

    How to compare a certificate with a personal account

    We need to complete the registration of a new member on the Sberbank-AST website (http://www.sberbank-ast.ru/). In the top menu, select the "Participants" section and click "Registration" in the drop-down block.

    In some cases, when there are other users in the organization in the role of administrator, the submitted application can be approved by him himself in his personal account, in the "Application for user registration" section.

    The following method to bind the Sberbank AST certificate

    If this text continues to appear in the navigator window - "The client certificate is not associated with the user" on Sberbank-AST, let's try the following method, which often helps to solve this problem.

    1. Go to the UIS website - http://www.zakupki.gov.ru/ and log in to the system;
    2. Open "Permissions", activated check-boxes associated with the bank;
    3. Sign out of your account. Close your browser. Open again and in the settings find and delete the cache;
    4. Then log in again to the UIS and check the boxes for the powers of Sberbank-AST;
    5. Try again to contact the Sberbank-AST website;
    6. You may need to do these steps again. Try to change a few letters or numbers in your personal data in your personal account at http://www.zakupki.gov.ru/. After that, they will be fully exported to the Sberbank website, and as a result of their update, the error will be eliminated.

    Also try changing the browser you are trying to access the Internet from.

    Web service contacts

    In some cases, users were able to contact Sberbank-AST technical support and get advice on how to fix the error. The following contacts make it possible to contact the hotline operator directly:

    Describe all the details of the problem that you encountered on the portal and call on the staff to help you. You may be asked to send them a zipped public key certificate by mail so they can enter it themselves. When you enter the Sberbank-AST website, at the time the error message appears, your data is indicated in the text. Please make sure they are up to date and correct.

    It is possible that the details of your organization have been changed. And the failure is a logical response to other data in your certificate. To change the checkpoint, you need to write a letter. In it, ask for help and describe in detail the difficulties you are facing. The text of the letter must be signed by the head. A copy of the certificate of registration with the tax authorities must also be attached to it. You can send this document to the mail indicated above in the article. Perhaps the data will be corrected after that, and you will be able to get to the Sberbank-AST website and eliminate the error - "The client certificate is not associated with the user."

    How to add a new EDS certificate to Sberbank AST

    The terms of use of the public procurement portal provide that the digital signature used to confirm the user's actions is issued for a period of 1 year. After this period, the user will need to find out how to add a new certificate to Sberbank AST, which will allow him to continue using the platform as before.

    What is Sberbank AST and EDS

    Before figuring out how to change the EDS to Sberbank AST, it is advisable to study these two terms in more detail. ACT stands for Automated Trading System, which was launched by this financial institution in 2009. In fact, it is a special platform for interaction between the state and entrepreneurs.

    With the help of Sberbank AST, registered users can participate in tenders and competitions for the supply of various goods and services under government orders.

    One of the mandatory requirements for system participants is the presence of an electronic digital signature - EDS, which allows you to confirm the actions of the user and his identity.

    This term refers to a special mathematical scheme that allows you to confirm the authenticity of documentation submitted in electronic format. In addition, such tools are often used as means of authentication, as they guarantee a high level of protection against unauthorized access. It is provided with an asymmetric encryption principle, which eliminates the possibility of forgery or hacking. Digital signatures are often used to confirm the identity of the sender of messages.

    As a rule, it is placed on a portable drive - a flash drive, which is very convenient. An entrepreneur can become a user of this service without providing an EDS, however, this is fraught with reduced functionality that does not allow to fully appreciate the benefits of the service. The validity of the signature does not exceed 1 year, after which it becomes necessary to update the EDS using a personal account.

    Obtaining a new EDS

    In order to successfully update the data on the electronic signature of an account in the ACT service, the user will first have to obtain it. Registration of a new EDS can be done through the Sberbank Business Online service.

    To successfully complete the procedure, you will need to follow the simplest procedure:

    1. Log in to the site using your username/password.
    2. Open the "Services" category in the navigation menu.
    3. Go to the "Cryptoinformation Exchange" category.
    4. Click the "Request a New Certificate" button.
    5. Specify all the necessary information - crypto profile, position, e-mail.
    6. Send a request to the branch of the bank.

    When re-acquiring an EDS, the user will not need to indicate his full name and other data that can be obtained from the current information in his profile. Not only entrepreneurs, but also individuals can get a signature, which made it an extremely popular tool.

    EDS update

    Many users who want to know how to register a new digital signature note the impossibility of authorization after the signature has expired. This does not allow you to change the necessary data and use the service correctly. However, you can change the data despite these issues.

    When planning to add a new digital signature by updating the information in the profile on the AST site, it should be noted that such an action involves the implementation of the simplest algorithm of actions:

    1. Go to the official portal "Sberbank AST".
    2. Select the "Participants" category.
    3. Click on the button "Application for user registration.
    4. Select the desired signature.
    5. Click on the "Fill out the form" button.
    6. Enter pin, then enter the required data. Some of them will be substituted automatically from the used certificate.
    7. Click on the "Sign and send" button.

    Thus, the user can register a new certificate in this system. After successfully completing the above steps, the user will receive a notification that the application has been sent. From this moment, the client can use the new signature to log in to the personal account and perform various actions.

    Digital Signature Capabilities

    After the user has managed to renew the EDS on this site, many opportunities become available to him. First of all, this is the signing of documentation, which allows you to confirm the authenticity of papers submitted in electronic form. Since they have legal force, the entrepreneur has the opportunity to carry out most of the actions using the Internet.

    In addition, other opportunities await the owner of a digital signature:

    • gaining access to trading platforms, for example, Sberbank AST. The presence of an electronic signature seems to be a mandatory requirement for participants who plan to conduct their professional activities on this platform;
    • maintaining electronic reporting, which will be certified with the help of EDS;
    • Simplified registration of some financial products using a similar signature.

    All this makes the digital signature an indispensable tool that allows an entrepreneur or company not only to participate in public procurement and tenders, but also to simplify the solution of everyday tasks facing the enterprise.

    • We also recommend

    Loading...Loading...