Checking a secure connection to the server of the personal account of an individual entrepreneur. Taxpayer’s personal account Configure your browser to eliminate the “Secure connection check” error

Compliance with the following conditions for using the service will be checked. At the last step of the verification, you will be asked to indicate (select) the electronic signature verification key certificate (hereinafter referred to as SKPEP), issued by a certification center accredited by the Ministry of Telecom and Mass Communications of the Russian Federation, and enter the password to the key storage.

  • Operating system - Microsoft Windows
  • Internet browser - Microsoft Internet Explorer
  • A secure connection to the server is possible using GOST 28147-89 and GOST R 34.10-2001 algorithms
  • A signature key certificate has been installed, issued by a certification center accredited by the Ministry of Telecom and Mass Communications of Russia

Checking the operating system

You are using an operating system other than Microsoft Windows. It is recommended to use Windows XP SP3 or higher.

Checking the Internet browser

You are using an Internet browser other than Microsoft Internet Explorer. It is recommended to use Microsoft Internet Explorer version 8.0 or higher.

Unfortunately, you will not be able to use the service.

Checking a secure connection to the server using GOST 28147-89 and GOST R 34.10-2001 algorithms

Unfortunately, checking the possibility of a secure connection to the server failed. This could happen for one of the following reasons:

  • The antivirus is blocking the secure connection. Run the checks with the antivirus disabled (this most often applies to free antivirus software).
  • Your computer does not have crypto tools installed that are compatible with CryptoPro (CryptoPro CSP version 3.6 R4 or later).
  • Your computer does not have a root certificate from the CA of the Federal Tax Service of the Russian Federation. You can install it from the website of the CA Federal Tax Service of the Russian Federation (the certificate of the CA Federal Tax Service of Russia must be installed in the “Trusted Root Certification Authorities” folder).
  • The browser does not allow TLS connections. Go to the menu “Tools” - “Internet Options”, open the “Advanced” tab and check the “TLS 1.0” box.
  • Port 443 is not available. Access may be denied by the organization's system administrator. Check port availability with your system administrator.

Verifying authorization using a signature key certificate issued by a certification center accredited in the network of trusted CAs of the Federal Tax Service of Russia

  • A signing key certificate compatible with CryptoPro (corresponding to GOST 28147-89 and GOST R 34.10-2001) is not installed on your computer.
  • Your signing key certificate has expired.
  • The signature key certificate you are using was issued by a certification center that is not accredited by the Russian Ministry of Telecom and Mass Communications.
  • Your signing key certificate is on the revocation list.
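The reasons in this list can be told apart locally by building the certificate chain with revocation checking. The script below is an added example, not code from the service: it assumes Windows PowerShell 3.0 or later, the function name is illustrative, and whether the issuing CA is accredited cannot be read from the local store.

```powershell
# Added example: read-only triage of certificates in the current user's Personal store.
# OID 1.2.643.2.2.19 identifies a GOST R 34.10-2001 public key.
$GostR3410_2001 = '1.2.643.2.2.19'

function Test-SigningCertificate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Build the chain and check revocation online for every element of it.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chain.ChainPolicy.RevocationFlag = 'EntireChain'
        $null  = $chain.Build($Certificate)
        $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $known = 'NoError', 'NotTimeValid', 'Revoked', 'UntrustedRoot', 'PartialChain',
                 'RevocationStatusUnknown', 'OfflineRevocation'

        $problems = @()
        if (-not $Certificate.HasPrivateKey) {
            $problems += 'no private key linked (key container or token missing)'
        }
        if ($Certificate.PublicKey.Oid.Value -ne $GostR3410_2001) {
            $problems += "public key algorithm $($Certificate.PublicKey.Oid.Value) is not GOST R 34.10-2001"
        }
        if ($Certificate.NotAfter -lt (Get-Date)) {
            $problems += "expired on $($Certificate.NotAfter.ToString('yyyy-MM-dd'))"
        } elseif ($flags -contains 'NotTimeValid') {
            $problems += 'a certificate in the chain is outside its validity period'
        }
        if ($flags -contains 'Revoked') {
            $problems += 'listed on the CA revocation list'
        }
        if ($flags -contains 'UntrustedRoot' -or $flags -contains 'PartialChain') {
            $problems += 'chain does not reach a trusted root (CA root certificate not installed)'
        }
        if ($flags -contains 'RevocationStatusUnknown' -or $flags -contains 'OfflineRevocation') {
            $problems += 'revocation list could not be retrieved, status unknown'
        }
        # Report any remaining chain status instead of silently ignoring it.
        $other = @($flags | Where-Object { $known -notcontains $_ })
        if ($other.Count) { $problems += "other chain status: $($other -join ', ')" }

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            NotAfter   = $Certificate.NotAfter
            Usable     = ($problems.Count -eq 0)
            Problems   = $problems -join '; '
        }
    }
}

Get-ChildItem -Path Cert:\CurrentUser\My | Test-SigningCertificate | Format-List
```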

All checks completed successfully. You can start working with the service.


A large number of taxpayers are faced with the error “Checking a secure connection to the server of the personal account of an individual entrepreneur.” In this case, users cannot access their personal account and use its functions. Let's look at what to do in this situation later in the article.

Error "Checking secure connection"

The error occurs when visiting sites for paying taxes, as well as when registering on them. Users often contact the service’s technical support with this question. First of all, support advises disabling anti-virus software for a while. This can be done from the Quick Access toolbar at the bottom of the Windows screen. When installing an antivirus, a special extension is added to the default browser. It serves to block suspicious sites, as well as those sites that are included in the antivirus database.


Disabling antivirus extensions in the browser

Disabling the extension is quite simple: go to the browser settings, find the entry for the extension and set its status to “Disabled”. After that, try again to open the site where the error “Checking the secure connection of the individual account” occurred. The site you are trying to access must be listed in your browser's trusted sites; this can also be done in the settings. If an error occurs when trying to log into your account on nalog.ru, you must:

  • allow the use of ActiveX components;
  • install the CryptoPro EP browser plug-in;
  • install all root certificates of the Federal Tax Service CA and personal certificates.

For those using ESET antivirus, there is one more thing you need to do:

  • open the program;
  • select settings;
  • open the “Advanced settings” item;
  • select “Internet and email” here;
  • go to the “Access Protection” section;
  • select “Web protocols”;
  • then in the “Module Settings” uncheck the “Activate HTTPS verification” checkbox.

Configure your browser to resolve the “Secure connection check” error

To resolve the error “Checking a secure connection to the server of a legal entity’s personal account,” you need to make some browser and operating system settings.

  1. Launch your antivirus and perform a full system scan for viruses.
  2. Open the browser you are using and delete all temporary files, history, cookies, and cache. Reset settings to default.
  3. For sites such as nalog.ru, it is best to use the system browser Internet Explorer or Edge. This will reduce the likelihood of errors occurring in the future.
  4. After checking the system for viruses, temporarily deactivate the antivirus, and also turn off Windows Defender and other firewalls.
  5. You need to delete the current version of CryptoPro and install it again. It is better to install after all the recommendations have been made and the system has been cleaned.

You can use the Safari browser instead of IE. Also, you can use the newer version of CryptoPro 4.0. You only need to download it from the official website. You can use the demo version for 3 months without entering a license key.

Other methods to eliminate dysfunction

Often, the error occurs not only when connecting to the server of the personal account of an individual entrepreneur, but also to the server of the personal account of a legal entity. The cause of the “Checking a secure connection” error may be the CryptoPro settings. In that case, go to the “TLS Settings” tab and uncheck the “Do not use legacy cipher suites” checkbox.


Setting up the CryptoPro program

After this you need to restart your computer. You can also try installing the certificate manually.

Question: Message about page inaccessibility when trying to log into your personal account using IE on certain sites


Hello! IE doesn't work. Well, of course, it works and displays pages, but when you try to log into your personal account bus.gov.ru zakupki.gov.ru it says that the page is not accessible... And if this were a one-time incident, it would be blocked but this is repeated on different computers with enviable regularity.

Answer: Well, as it turned out there were three ways to solve this problem, the first was reinstalling crypto pro, the second needed to clean something in the registry, and the third was what I used. In the command line as an administrator, enter the command regsvr32 cpcng. And as it turned out, this problem occurs for many people and just on win 7 x 64

P.S. This is the path I followed and found a solution on the “CryptoPro Forum”:

Message from tikhonov

Message from katbert

Today I encountered the same problem - after installing the October portion of patches on Windows 7 + CryptoPRO 3.6.7491 (R3).
When you try to log into your Personal Account under 44-FZ

Immediately crashes to the error "Internet Explorer cannot display this web page"
The problem was reproduced on the test virtual machine. It doesn’t even get to the list of available certificates

I rolled back some of the patches - it didn't help. Restored CryptoPRO through the control panel
After this, logging into your personal account worked

But it broke again after installing KB3042058:
Update to Default Cipher Suite Priority Order

If this is a widespread problem, is there a solution other than reinstalling CryptoPRO manually on each machine?


The reason is that the cipher suite is modified in:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cryptography\Configuration\Local\SSL\00010002\Functions
You can fix it if you click “Restore” on the CSP in appwiz.cpl.

In principle, you can manually fix it by adding the following line to the beginning of the list:
TLS_GOST_R_3410_01_WITH_28147_CNT_IMIT
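A read-only check for the condition described in the post above, as an added example that is not part of the thread. It reads `CurrentControlSet` (the active control set) rather than the `ControlSet001` path quoted, and it also looks at the Group Policy cipher suite order, which the thread does not mention; function names are illustrative and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example, read-only: where does the GOST suite sit in the Schannel cipher suite order?
$Suite     = 'TLS_GOST_R_3410_01_WITH_28147_CNT_IMIT'   # name quoted in the post above
$LocalKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function Get-CipherSuiteOrder {
    param([string]$Key)
    $value = (Get-ItemProperty -Path $Key -Name Functions -ErrorAction SilentlyContinue).Functions
    if ($null -eq $value) { return }
    # The local list is REG_MULTI_SZ (one suite per string); the policy value is a
    # single comma-separated string. Normalise both to one suite per item.
    $value | ForEach-Object { $_ -split ',' } | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Get-GostSuiteStatus {
    $local  = @(Get-CipherSuiteOrder -Key $LocalKey)
    $policy = @(Get-CipherSuiteOrder -Key $PolicyKey)
    # A cipher suite order set by Group Policy takes precedence over the local list,
    # so editing the local list has no effect while a policy list exists.
    $usePolicy = $policy.Count -gt 0
    $effective = @(if ($usePolicy) { $policy } else { $local })
    [pscustomobject]@{
        Source       = if ($usePolicy) { 'Group Policy' } else { 'Local' }
        SuiteCount   = $effective.Count
        GostPosition = [array]::IndexOf($effective, $Suite)   # 0 = first, -1 = missing
        FirstSuite   = $effective | Select-Object -First 1
    }
}

function Compare-CipherSuiteBaseline {
    # $Path is a file saved before patching with:
    #   Get-CipherSuiteOrder -Key $LocalKey | Set-Content -Path $Path
    param([Parameter(Mandatory = $true)][string]$Path)
    $before = @(Get-Content -Path $Path)
    $after  = @(Get-CipherSuiteOrder -Key $LocalKey)
    if (-not $before.Count -or -not $after.Count) {
        Write-Warning 'Baseline or current list is empty; nothing to compare.'
        return
    }
    # -SyncWindow 0 compares position by position, so a reordering shows up as a difference.
    Compare-Object -ReferenceObject $before -DifferenceObject $after -SyncWindow 0
}

Get-GostSuiteStatus | Format-List
```

Saving a baseline before installing updates and running `Compare-CipherSuiteBaseline` afterwards shows whether an update rewrote the list, which is the behaviour the thread attributes to KB3042058.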

Question: Personal account of a legal entity nalog.ru


Hello everyone.
In connection with the application of 54-FZ (if it were wrong), such a concept as online cash registers appeared.
We received a Qualified Electronic Signature for a legal entity. Installed on a working machine running Windows 10 pro x64, CryptoPRO, certificates, root, guest, etc., all according to the instructions.
Windows is just installed, the firewall is turned off, there is no antivirus.
Configured by an SBIS technical support specialist.
We registered and went into the 1-OFD personal account, the certificates and the key all worked correctly.
Next, to register the cash register with the tax office, you need to go to the personal account of the legal entity.
We follow the link, start checking and get an error at the last point.
Checking a secure connection to the server of the Personal Account of a legal entity

Trust may not be established between the client and server.

I found a solution to this problem (this is in the CryptoPro tab "TLS Settings" and uncheck the box "Do not use outdated cipher suites", reboot the computer), it does not help.
We rechecked all the settings, everything is configured correctly. A specialist from SBIS technical support came in, rechecked all the points together, nothing helps, so he recommended contacting tax technical support.
We contacted them, made all the screenshots, exported the certificate, and described it. They are silent for the second day.
In the reference materials on the website nalog.ru, there is an option to try following the links
And
Well, the httpS address does not open.
When opening in chrome we get the error ERR_SSL_PROTOCOL_ERROR.

Two questions: is this a problem with us or did the tax specialists do something wrong?
And the second question, has anyone managed to log into the personal account of a legal entity?

Please help.

P.S. I apologize for the many letters, but I tried to describe the problem in more detail.
P.P.S. Now the nalog.ru website does not open at all.
P.P.P.S. If I made a mistake in the section, I apologize and please move it to the correct one.

Answer: But what a cool thing they did... everyone will now install a root certificate... and then you can easily replace https sites at the provider level)

Question: Login of a legal entity to nalog.ru (registration of a cash register)


Good day everyone! At a new job, the following situation arose - they wanted to register a cash register, so they gave it to an outsourcing company. The outsourcer calls on Thursday and states that we cannot register your cash register because we cannot log into your personal account. In a sluggish, smooth flow, all this was thrown at me, but I have no idea how everything with digital signatures is arranged in this organization, so I have a bunch of questions that no one can really answer for me. Outsource offered - you log into your account, we will connect to you and register you.
We started to enter - the organization has access to digital signatures on 2 computers. On one of the computers (buh), the last step when checking the settings does not work - trust has not been established between the client and the server. The site crashes with an error and opens without S.

On another computer it hangs at the penultimate step, spinning the wheel to infinity after selecting a digital signature for use.
I decided to try it at home on a virtual machine, because I don’t have much confidence in their computers. I did everything according to the instructions - it also hangs on the penultimate step - the wheel spins indefinitely. Now the question arises. The key should generally be on the token or it can be sent by email, you put it in as a certificate (install it) without cryptopro and lo and behold, a miracle should happen?
EDS issued by the Treasury. I called the treasury - they said contact the tax office. I called the tax office - they said write to technical support. Technical support wrote to perform the regulatory actions - the result has not changed.

Similar topic -

Can anyone help me?

Answer: Does the Treasury hand out qualified certificates? They are simply reinforced, not qualified, that’s why it doesn’t work

Question: Registration in http://lkul.nalog.ru/ Legal entity using VipNet. Is it possible to?


Good afternoon, colleagues.
The question is this. There is Vipnet CSP with electronic signature. Now it is necessary to register the cash register under 54-FZ with the tax office, through the tax office’s personal account.
The ambush is that when registering using an electronic signature, it reaches the last step and curses:
"We could not verify the ability to connect to the server.
Trust may not be established between the client and server."

I started reading on the Internet and found out that you can’t log into your personal account using Vipnet, you can only through Crypto PRO, but damn, all the certificates and containers with private keys are already made in vipnet and using them in Crypto PRO is not an option, you need to re-register.

Has anyone managed to register/log in to a legal entity’s personal account via VipNet?

Answer: "I don't specifically recall installing any GOST modules... the CADES plugin from CryptoPro and that's all"

from "List of methods and properties of the cadesplugin object":
(you can look at more complete documentation at cryptopro.ru)

- CADESCOM_ENCRYPTION_ALGORITHM_GOST_28147_89 = 25 - Algorithm GOST 28147-89.
- CADESCOM_HASH_ALGORITHM_CP_GOST_3411 = 100 - Algorithm GOST R 34.11-94.
- CADESCOM_HASH_ALGORITHM_CP_GOST_3411_2012_256 = 101 - Algorithm GOST R 34.10-2012.
- CADESCOM_HASH_ALGORITHM_CP_GOST_3411_2012_512 = 102 - Algorithm GOST R 34.10-2012.

so yes, you didn’t set anything specifically for GOST :)))
I just installed cadesplugin :)))

Question: Parental controls (limit the number of people who can use the Internet)


Good day to all! Let's say I want to limit the number of people in an apartment who can use the Internet. That is, roughly speaking, you need 2 laptops to work and nothing else. Is it possible to do this and if so, how?

Answer: Kari, buy a router and make protection by MAC addresses, as an exception, manually enter the MAC addresses of the network cards of only these 2 laptops

Added after 2 minutes

Message from Kari

I want to limit the number of people in the apartment

Drive unnecessary people out of the apartment onto the street and put a combination lock on the front door of the apartment))

Question: nalog.ru with server 2012 r2


Good day!
the situation is like this..
When entering nalog.ru the following problem occurs: on server 2012 r2 - vipNet 4.2 - I log in through explorer 11 - nalog.ru - legal entity's personal account - *button* “Read the conditions and check their compliance” - *button* “start checking” - select the certificate that is pulled from VipNet -
and then it begins

***Checking a secure connection to the server of the Personal Account of a legal entity.
Failed to check the ability to connect to the server.
Trust may not be established between the client and server.***

when entering through

This page cannot be displayed

Enable TLS 1.0, TLS 1.1, and TLS 1.2 in the advanced settings and try connecting to again. If the error persists, this site may be using an unsupported protocol or cipher suite, such as RC4 (link to article with details), that is not considered secure. Contact the site administrator.

(The site has been added to the safe list, tls are enabled, antivirus is disabled, the firewall is also disabled, the cache is cleared......
and everything they write about on the website nolog.ru has been done...

Answer:

Well, isn't it the spitting image of Internet Explorer?

Question: Printing only to a “neighboring” printer for users “moving” between offices


Hello.

I'm asking for advice/recommendations
Given: Terminal farm of three servers (load balancing); a domain controller, including a print server role; in each office of the organization from 1 to 3 thin clients; each office has 1 network printer; configured roaming user profiles; users work in different offices every day.
Necessary: the user should always print to the printer of the office in which he is located. It is advisable for him not to see the rest of the printer at all.
Suggested solution: create a group policy for each network printer; in it, through GPP, assign this printer to the user if he is logged in from any of the terminals from the same account; set “Delete this item when it is no longer used” so that the printer is deleted if the user switches to another account. But that’s a lot of politics, isn’t it? Is it normal?

Help with advice)))

Answer: I understood about "multiple users"
We were just talking about a script that runs when ONE user logs in. where does the second one come from?
that is, at least 1000 of them can come in, but the script will work for everyone

LPT, USB is for local printers. you will connect users to the print server (I hope)

Message from gurlov

Is it really impossible to use group policies without full knowledge of the syntax of the net use command?

You see, it's like driving a car but not being able to reverse it.
The administrator must be able to write scripts and know OS commands (better than several).

In general, read about Logon scripts, I especially liked kix at one time.
but you go further and use powershell - and you will improve your skill and solve the problem

Question: Purchasing Windows7 keys for a legal entity


Hello! I need to buy operating systems for a small business, I plan to use 3 computers for now. It is planned to use Windows 7 as the operating system. The purchase is planned for a legal entity, payment is possible in any form. The main thing is that there are no problems with licenses in the future. So the question is, please advise where I can buy keys (since this is the most profitable option). And advise, is it worth taking the enterprise version or you can take home premium, or even professional.
I found quite a few options for individuals (for example:), but I need it specifically for legal entities.
For individual entrepreneurs
With key

Gives an error at the last step

Checking a secure connection to the server of the Personal Account of an individual entrepreneur.

He writes this bullshit:

The check ended with an error

Failed to check the ability to connect to the server. Try following the link.

Dear user, please do the following:

1. Check if the firewall is enabled on the system or if there is a proxy server on the network that may block https connections. Also check whether your antivirus is affecting the attempt to establish a secure connection with the IP Personal Account service (to do this, the antivirus must be disabled while the test conditions are being met). If, after disabling the antivirus, all scans are completed successfully, then the addresses https://lkip.nalog.ru and https://lkipgost.nalog.ru need to be excluded from the scan zone of your antivirus (i.e., added to exceptions in the antivirus settings). (This is especially true for Avast antivirus)

2. Make sure that you do not have more than one crypto provider installed for GOST algorithms.

3. Download the latest current version of your crypto provider from the official website taking into account your license (for example, if you have CryptoPro CSP version 3.6.7491, it needs to be updated to version 3.6.7777). This is true for all versions of CryptoPro 3.6, 3.9 and 4.0 and for all operating systems (Windows XP, Windows7, Windows 8, Windows 8.1). For Windows 10, you can install versions of CryptoPro 3.9 or CryptoPro 4.0. Current versions of CryptoPro can be found on the official website https://www.cryptopro.ru/products/csp/downloads. You can select the product version on the developer’s website at the link http://cryptopro.ru/products/csp/compare

4. Check that all conditions for connecting to your Personal Account are met. (Including that the nodes https://lkip.nalog.ru and https://lkipgost.nalog.ru are installed in the zone of trusted nodes. This can be checked if your browser version displays the security level of the node, you need to enable the display in the browser status bar (if not enabled), when going to this address it should contain the inscription “Trusted node”; other inscriptions indicate incorrect settings.
Also, ports 80 and 443 must be open to send and receive data from the Internet).
Check out the "Question and Answer" section, the link to which is located in the upper right corner of the Personal Account page and the "Checking compliance with access conditions" page

5. Enable SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 modes in the browser security settings; SSL 2.0 mode should be disabled. To do this, go to the Tools menu - Internet Options - Advanced tab.

6. Clear cookies and browser cache (ctrl+shift+del) (to clear, you need to select all the checkboxes)

8. If an error occurs during verification, go to your Personal Account using the direct link.

9. If you encounter problems when following a direct link, take a screenshot of the resulting page so that the address bar and browser status bar are visible. Then go to the test server at https://lk3-nalog.ru/ (this is necessary to analyze emerging problems connecting to your Personal Account, the address is not intended for going to the portal), take a screenshot of this page as well.

If ALL of the above steps did not help solve the problem, then please try to follow the steps described in the Frequently Asked Questions, topic “Access to your Personal Account using an electronic signature”, subsection “Cannot pass the last point of checking whether the conditions for access to your Personal Account are met, and also it is not possible to open the main page after clicking on the link ‘Go to the Personal Account of an individual entrepreneur’”, and if the problem still cannot be solved, then please let us know about it by creating a request to the technical support service using the link https://lkip.nalog.ru/support, in which you must indicate:

1) Time (Moscow) and date of attempt to connect to the server https://lkipgost.nalog.ru/lk

2) External IP address of the computer. You can determine it by following the link (http://myip.ru)

3) Attach 2 screenshots of the pages: https://lkipgost.nalog.ru/lk and https://lk3-nalog.ru, taken in step 9 showing the address and status lines

4) The exact full version of the crypto provider (for example, for CryptoPro CSP it must be at least 3.6.7777 (or, which is the same, 3.6 R4))

5) Browser version (full, can be found in the Help->About menu)

6) Operating system version

7) Attach the exported certificate WITHOUT the private key (see the "Frequently Asked Questions" section or on the application page, link "upload instructions")

8) If, when passing checks, an error message is displayed in one of the points, take and attach a screenshot (screenshot) of this page with the error message

9) Attach a screenshot of the browser settings page for the trusted sites zone, which shows that https://lkip.nalog.ru and https://lkipgost.nalog.ru have been added to the trusted sites zone

10) Attach a screenshot of the advanced browser settings page, which shows the SSL and TLS protocols (in the Tools menu - Internet Options - Advanced tab)

11) Execute the standard Windows OS Telnet command to check the availability of the address lkipgost.nalog.ru via port 443. To do this, open the Command Line (through the Start menu - Programs - Accessories - Command Line, or by pressing the Win+R keys, typing cmd and pressing the Enter key) and type the command telnet lkipgost.nalog.ru 443 (the command name telnet, followed by two parameters, host name and port number, separated by spaces). After typing the command, execute it by pressing the Enter key. Attach a screenshot showing the result of the command. Note: The Telnet command may not be enabled on some operating system versions. To activate it, go to the Control Panel and find the “Programs and Features” section. Once in it, in the menu on the right, find the item “Turn Windows features on or off.” The “Windows Components” window will open, in which you need to find and select the “Telnet Client” item.

12) Screenshot of the "TLS Settings" tab (CryptoPro CSP utility) with the "Do not use outdated cipher suites" checkbox unchecked

Please send the collected information as an archive file.

Please note that messages containing all the requested information are processed first, and the problem can be resolved faster.
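The browser and network preconditions in steps 4, 5 and 11 of the support text can be read back from the machine before any screenshots are taken. The script below is an added example and not part of the support instructions: the host names are the ones given above, the registry locations are the standard per-user Internet Explorer settings, the function names are illustrative, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only check of the client settings named in steps 4, 5 and 11 above.
$PortalHosts = 'lkip.nalog.ru', 'lkipgost.nalog.ru'
$InetKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# "Internet Options - Advanced" stores the SSL/TLS checkboxes as a bitmask in SecureProtocols.
$ProtocolBits = [ordered]@{
    'SSL 2.0' = 0x0008; 'SSL 3.0' = 0x0020; 'TLS 1.0' = 0x0080
    'TLS 1.1' = 0x0200; 'TLS 1.2' = 0x0800
}

function Get-IEProtocolState {
    $mask = (Get-ItemProperty -Path $InetKey -Name SecureProtocols -ErrorAction SilentlyContinue).SecureProtocols
    if ($null -eq $mask) {
        Write-Warning 'SecureProtocols is not set for this user; the browser defaults apply.'
        return
    }
    foreach ($name in $ProtocolBits.Keys) {
        [pscustomobject]@{
            Protocol = $name
            Enabled  = [bool]($mask -band $ProtocolBits[$name])
            Expected = ($name -ne 'SSL 2.0')   # step 5: all modes on except SSL 2.0
        }
    }
}

function Test-TrustedSite {
    param([string]$HostName)
    # Per-user entries live under ZoneMap\Domains\<domain>\<subdomain>; a value named
    # "https" or "*" with data 2 puts the host in the Trusted sites zone.
    # Wildcard entries and sites assigned by Group Policy are not examined here.
    $sub, $domain = $HostName -split '\.', 2
    $item = Get-Item -Path "$InetKey\ZoneMap\Domains\$domain\$sub" -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    foreach ($valueName in 'https', '*') {
        if ($item.GetValue($valueName) -eq 2) { return $true }
    }
    return $false
}

function Test-TcpPort {
    # Same question the telnet command in item 11 answers: does a TCP connection open?
    param([string]$HostName, [int]$Port = 443, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

Get-IEProtocolState | Format-Table -AutoSize

$PortalHosts | ForEach-Object {
    [pscustomobject]@{
        HostName    = $_
        TrustedSite = Test-TrustedSite -HostName $_
        Port443Open = Test-TcpPort -HostName $_ -Port 443
    }
} | Format-Table -AutoSize
```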

If you already have a qualified electronic signature (hereinafter referred to as CES) received from us, then you can work with it on the Federal Tax Service portal without submitting accounting and tax reports. Nalog.ru has Personal Accounts for individuals, individual entrepreneurs and legal entities.

To work in the Personal Account of an individual, the CES must be issued to an individual; in the Personal Account of an individual entrepreneur and legal entity, to an individual entrepreneur and legal entity, respectively. For legal entities in the “Taxpayer Personal Account” service, initial registration can only be performed with a CES issued to the manager indicated in the Unified State Register of Legal Entities as a person authorized to act without a power of attorney.

To submit accounting and tax reporting through nalog.ru, you will need an identifier, which is part of the “Nalog.ru” tariff plan. Information about the tariff plan on the CA website is posted in the full price list.

Note: you cannot report VAT on the nalog.ru portal. We recommend you the reporting service Kontur.Extern.

To ensure the operation of Federal Tax Service services, it is enough to undergo diagnostics and follow the recommended actions.

If there is an error at the last stage of the check, “It was not possible to contact the server using a secure connection. Trust may not be established between the client and server..." follow these steps:

1. Run the CryptoPro CSP program with administrator rights. Go to the “TLS Settings” tab and uncheck the “Do not use legacy cipher suites” checkbox. After changing this setting, you must restart your computer.

2. After rebooting the computer, check the “Do not use legacy cipher suites” box in the CryptoPro CSP settings on the “TLS Settings” tab, and decline the prompt to restart.

3. Check that https scanning is not enabled in your antivirus (often found in Avast and ESET antiviruses).

4. Go directly to the desired account, bypassing checks, replacing the http protocol in the address bar with https. For the Personal Account of a legal entity, instead of http://lkul.nalog.ru/ you need to go to https://lkul.nalog.ru/, for the Personal Account of an individual entrepreneur - https://lkipgost.nalog.ru/lk.

5. Install two root certificates of 2017 and 2018 from the website https://www.gnivc.ru/certification_center/kssos/ in the “Intermediate Certification Authorities” storage.

6. If other CIPFs are installed on your computer (VipNet CSP, Continent-AP, Agava, etc.), delete them or go to another workstation.

7. Log in to your Personal Account via Yandex.Browser (before logging in, check that the “Connect to sites that use GOST encryption. CryptoPro CSP is required” setting is enabled (Menu/Settings/System/Network)).

8. If the previous point did not help, use the CryptoFox browser. In this case, logging into your personal account is performed via a direct link (https://lkul.nalog.ru for legal entities, https://lkipgost.nalog.ru/lk for individual entrepreneurs), bypassing checking the access conditions. On the page that opens, click Advanced -> Add Exception -> Confirm Security Exception.
