List of trusted crypto nodes. Configuring trusted nodes for CryptoPro EDS Browser plug-in
CryptoPro EDS browser plug-in (aka CryptoPro CADESCOM or Kadescom) - a plugin required for creating and verifying an electronic signature on web pages using CryptoPro CSP. Used to work on trading platforms and portals. The distribution is available on the CryptoPro website in the Products / CryptoPro EDS Browser plug-in section http://www.cryptopro.ru/products/cades/plugin/get_2_0.
System Requirements
- Installation of the plugin is possible on the following operating systems: Win XP SP3, Win Vista SP2, Win 2003 SP2, Win 2008 SP2, Win 7, Win 2008 R2, Win 8, Win8.1, Win10.
- Works with browsers: IE 8 - 11, Opera, Mozilla Firefox, Google Chrome, Yandex Browser
Doesn't work V Edge browser, preinstalled by default in Windows 10.
- Requires pre-installed CryptoPro CSP version no lower than 3.6 R2
Features of some browsers for configuring the plugin
- in Mozilla Firefox 29 and higher: you must enable the plugin (the browser may not ask for permission to enable the plugin). To do this, go through diagnostics and perform a fix "Enabling plugins in Mozilla Firefox", after which it is necessary restart Firefox. You can also do this manually: press Ctrl+Shift+A, go to the “Plugins” section, select CryptoPro CAdES NPAPI Browser Plug-in and switch it to the “Always active” state, after which you must restart Firefox .
- in Google Chrome you need to follow the link and install the extension.
- In Yandex Browser and Opera you need to install the extension available at this link
- IN Internet Explorer you need to make the following settings:
- Add the address of the site where you work with the plugin to trusted sites (Browser options / security / trusted sites / sites / add site address).
- If you are working in Internet Explorer 11, then try working in compatibility mode.
- Check that the site address is added to the plugin’s trusted nodes (most sites that accept our CA certificates can be added automatically using the diagnostics https://help.kontur.ru/uc). To check that the site has been added to the trusted nodes of the plug-in, you need to go to Start - All programs - CRYPTO-PRO - Settings CryptoPro EDS Browser plug-in. A browser window will open in which you will need to allow to unblock all contents of the page/allow access.
Cryptographic operations, such as creating an electronic signature or decrypting a file, require access to keys and personal data of the user (for example, to a storage personal certificates). When performing such operations by web applications (using the CryptoPro EDS Browser plug-in), the plug-in requests the user’s permission to access his keys or personal data.
The user's permission will be requested when activating CryptoPro EDS Browser plug-in objects.
Trusted Web sites (for example, those located on your organization's intranet) can be added to the list of trusted Web sites. Sites on the Trusted Sites list will not prompt the user for confirmation when opening the certificate store or performing operations on the user's private key.
Managing a list of trusted websites on Windows platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in, the user must run Start -> Crypto-Pro -> Digital signature settings Browser plug-in. This page is part of the CryptoPro EDS Browser plug-in distribution kit.
A computer or domain administrator can also manage the list of trusted websites for all users through Group Policy. Configuration is carried out in the console group policies in section Computer configuration/User configuration -> Administrative templates -> Crypto-Pro -> CryptoPro EDS Browser plug-in. The following policies are available to the administrator: List of trusted nodes. Defines the addresses of trusted nodes. Web sites specified via this policy, are considered trusted in addition to those that the user adds independently through the CryptoPro EDS Browser plug-in settings page.
The page is saved for a specific user
HKEY_USERS\
The policy is saved in the appropriate section for policies:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Crypto-Pro\CadesPlugin\TrustedSites
Managing a list of trusted websites on Unix platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in on Unix platforms, use the page /etc/opt/cprocsp/trusted_sites.html, which is part of the CryptoPro EDS Browser plug-in distribution.
You can also use the command to view a list of trusted websites:
/opt/cprocsp/sbin/
To add websites (for example, http://mytrustedsite and http://myothertrustedsite) to the trusted list, you can use the command:
/opt/cprocsp/sbin/
To clear the list of trusted websites, you can use the command:
/opt/cprocsp/sbin/
Adding sites to the list of trusted sites is available for all users using the command
/opt/cprocsp/sbin/
In recent years, most of the document flow has moved to the area of remote service via the Internet, while paper media are gradually being replaced by electronic virtual analogues. The most popular software product is Crypto Pro, which is used to verify an electronic digital signature. But for reliability and authenticity, it is necessary to check the “CryptoPro EDS Browser plug-in” plug-in and make sure that it is installed correctly on a computer or other electronic device.
Nuances of the plugin and system requirements
For the normal functioning of all departments, the question arises of ensuring the necessary level of data protection when signing documentation, maintaining secrecy and trade secrets. Solving problems is achieved by developing special software products and algorithms that encrypt and decrypt information included in a document and at the same time confirm its authenticity. These programs are a certified product and cover certain areas of the information field.
The essence of their work is to process documents online using special extensions for all browsers that support JavaScript. It runs freely on all major operating systems except Android. The plugin allows you to endorse the following types of documents:
- in electronic format;
- files that are downloaded from the user's computer;
- text messages and other types of documentation.
For example, when transferring funds in Internet banking, using the “CryptoPro EDS Browser plug-in” check, you can confirm that the operation comes from the account owner with an active key certificate valid at a particular moment. This software tests both advanced and conventional electronic CPU. At the same time, there is no need to connect to the Internet when checking, and archival preservation of documentation is ensured. An electronic signature can be:
- attached, that is, added to the endorsed documents;
- separated electronic signature, that is, created separately.
The software product “CryptoPro EDS Browser plug-in” is distributed free of charge and downloaded from the official website. The plugin's operation is checked on the user's computer.
Software installation
The installation process is simple. You should go to the official portal cryptopro.ru/products/cades/plugin/get_2_0. Upload, specifying where the cadesplugin.exe boot file will be saved. Launch the program.
Important! Launching the plugin is not available for regular users. You must have administrator rights.
Upon successful completion, a corresponding notification will appear on the monitor screen.
But this message is not a guarantee of correct operation. You will need to carry out additional configuration and verification of the Browser plug-in digital signature depending on the type of browser used. For correct operation, the installed program must be restarted, in some cases with a complete reboot of the computer.
Advice! Whatever browser the program is used in, you should always restart it after installation.
Features of the installation process
Considering that each browser works slightly differently, the plugin is adapted for each environment.
Attention! If errors are detected before starting work and the program does not create objects, then it is necessary to allow it to run independently for specific sites or pages that the user frequently visits.
In cases where the plugin is used on specific pages, a corresponding icon is needed that will indicate the possibility of using this extension.
To do this, you need to find the CryptoPro CAdES NPAPI Drowser Plug-in and allow it to be used in automatic mode. This is true for Mozilla Firefox. For Opera and Yandex, the procedure for using the extension is identical.
Find the “Extensions” item in the menu and load the plugin through it. You can also copy and paste the extension name into the corresponding query string. The system will do everything itself. For the Google Chrome browser, the extension will be found on its own, and the user will only have to confirm the installation.
After completing all operations and settings, you must close all windows and tabs and restart the browser.
What to do if the system “does not detect” the program?
It often happens that when installing a plugin and then trying to work with digital signatures, problems appear. A window pops up prompting you to install the program. In this case, it is recommended to go to the developers’ website in the “Contacts” section, explain the essence of the problem and receive appropriate recommendations. It is recommended to provide screenshots of all actions. In this case, identifying the problem will be much easier. If the check was successful, a corresponding notification appears that the plugin has been loaded.
Recommendations for using the software
If you have to reinstall a plugin that already exists but is not working, then first you need to:
- remove it and all unnecessary programs through the “Control Panel”;
- clear cache memory;
- download the plugin again and run it with administrator rights;
- be sure to add all “Personal Accounts” pages to trusted nodes.
) in the "Products" section -> "CryptoPro EDS Browser plug-in"
When you run the downloaded file, the system will prompt you to elevate your rights to system administrator. Installation without administrator rights is not possible.
After installation, be sure to restart your browser! Sometimes (in case of using Chrome) a system reboot is required, because... Closing all chrome windows does not unload the browser from RAM in all cases.
Additional settings for FireFox version 52.0 and later
Don't forget to install the plugin
For the plugin to work in FireFox starting from version 52, you must install the latest version of the plugin (at least 2.0.12888) (see) and a special extension for FireFox.
To install the extension, follow the link from your FireFox. After the transition, you will be prompted to install the extension for FireFox - you must confirm the installation by clicking Install.
After installing the add-on, its launch is allowed only after confirmation by the user. You can allow the add-on to run either only for the current site or forever for all sites
Option 1: setting permission to use the add-on only for the current site (https://www.site)
When the error occurred: The plugin is loaded, but objects are not created Pay attention to the address bar - an add-on icon has appeared in it:
Click on this icon - you will be asked to run the add-on and remember permission to run the add-on for this site forever.
Option 2: setting permission to use the add-on for all sites
Open the page with installed FireFox add-ons
In the add-on list, find CryptoPro CAdES NPAPI Browser Plug-in and change its launch mode to “Always Enable”
Additional settings for Opera
Open the page that searches for an add-on to install:
Enter "CryptoPro" in the search bar - the extension "CryptoPro Extension for CAdES Browser Plug-in" will be found. Click "Add to Opera" to install.
Additional settings for Yandex browser
For Yandex browser you need to follow a procedure similar to the case with Opera.
Additional settings for Google Chrome: permission of installed add-on
If the add-on is successfully installed, the next time you start Chrome you will receive a message asking you to confirm the launch of the add-on
In this dialog, you must allow the use of the extension
