
The certificate chain cannot be created. The certificate chain for the trusted root authority cannot be built. Causes of errors in the certificate chain

Possible reason:
The root certificate of your Certification Authority (CA) is not installed.

Your actions:
Install the root certificate of the Certification Authority.

Mistake #2. Failed to create CPSigner

Possible reasons:
1) Additional software from the Fabrikant site is not installed;
2) The CryptoPRO Cadescom library does not work correctly.

Your actions:

2) Reinstall CryptoPRO Cadescom.
You can download detailed instructions

Mistake #3. Error opening storage. The object does not support the "Open" property or method

Possible reasons:
1) No additional software installed;
2) Additional add-ons are not running in the browser.

Your actions:
1) Install Specialized Software from the Fabrikant Portal;
2) Launch pop-up browser add-ons.
You can download detailed instructions

Mistake #4. "Could not check certificate status." or "Not valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown"

Possible reason:
The CA's certificate revocation lists are not installed or are not updated automatically.

Your actions:
Contact the CA or install certificate revocation lists on your PC yourself.
You can download detailed instructions

Mistake #5. Your certificate has been verified and can be used in any section on the Fabrikant Trade Portal, except for the Rosatom section

Possible reasons:
1) De-synchronization of the OCSP server of your CA;
2) There is no link to the CA's OCSP server in the certificate.

Your actions:
Contact the Certification Authority to verify the certificate or check it yourself.
You can download detailed instructions

Mistake #6. "Insert key media (key media and selected certificate do not match)."

Possible reasons:
1) Key media that does not correspond to the selected certificate is inserted;
2) A certificate has been selected that does not match the inserted key media.

Your actions:
1) Check which key media is inserted;
2) Check the selected certificate.
You can download detailed instructions

Mistake #7. Function execution error.

Possible reason:
The license for CryptoPRO CSP.

Your actions:
1) Contact the Certification Authority to obtain a license for CryptoPRO CSP;
2) Enter the license for CryptoPRO CSP.
You can download detailed instructions

Mistake #8. The message "undefined"

Possible reason:
The Internet Explorer browser settings do not work correctly.

Your actions:
1) In the browser, go to the "Tools" menu and select "Internet Options";
2) In the window that opens, go to the "Advanced" tab and press the "Reset" button;
3) Restart Internet Explorer.
You can download detailed instructions

Mistake #9. Algorithm error.

When completing documents or registering an organization, users encounter the error “It is not possible to build a chain of certificates for a trusted root center”. If you try again, the error appears again. Read on to find out what to do in this situation.

Causes of errors in the certificate chain

Errors can occur for various reasons: problems with the Internet connection on the client side, or blocking by Windows Defender or other antivirus software. Other causes include a missing root certificate of the Certification Authority, problems in the cryptographic signature process, and others.

Fixing the error when building a certificate chain for a trusted root authority

First of all, make sure that you do not have problems with your Internet connection. The error may appear if there is no access. The network cable must be connected to the computer or router.

  1. Click the "Start" button and search for "Command Prompt."
  2. Select it with the right mouse button and click “Run as administrator”.
  3. In the command prompt window, enter the command “ping google.ru”.

When the Internet is connected, you should see data on sent packets, transmission speed and other information. If there is no Internet, you will see that the packets did not reach their destination.

Now let's check the presence of the root certificate of the Certification Authority. For this:


If the certificate is missing, you need to download it. In most cases it is available among the root certificates and the user only needs to install it. It is also best to use the Internet Explorer browser, so that fewer errors and failures occur during work. Find the CA in the root certificates, click the “Install” button, and restart your browser; this resolves the error “Cannot build a certificate chain for the trusted root authority.”

Checking the CA root certificate in the browser

The test can be performed in a browser.

  1. Select “Tools” from the menu.
  2. Next, click the “Internet Options” line.
  3. Click on the “Content” tab.
  4. Here you need to select “Certificates”.
  5. Next, open the “Trusted Root Certification Authorities” tab. The CA root certificate should be here; usually it is at the bottom of the list.

Now repeat the steps that caused the error. To obtain a root certificate, you must contact the appropriate center where you received the UPC ES.

Other ways to fix certificate chain error

Let's look at how to properly download, install and use CryptoPro. To check whether the program is already installed on your PC (for example, if there are several users on the computer), open the Start menu, select “Programs” and look for “CryptoPro” in the list. If it is not there, install it. You can download the program from https://www.cryptopro.ru/downloads. Here you need “CryptoPro CSP”; select the version.

In the next window you should see a pre-registration message.


Installation of CryptoPro

Once the installation file is downloaded, run it to install the program on your computer. The system will display a warning that the program is asking for permission to change files on the PC; allow it to do so.

Before installing the program on your computer, all your tokens must be removed. The browser must be configured for work; the exception is the Opera browser, in which all default settings have already been made. The only thing that remains for the user is to activate a special plugin. During the process, you will see a window where Opera offers to activate this plugin.

After starting the program, you will need to enter the key in the window.

You can find the program to launch at the following path: “Start”, “All programs”, “CryptoPro”, “CryptoPro CSP”. In the window that opens, click the “Enter license” button and enter the key in the last column. Done. Now the program needs to be configured to suit your needs. In some cases additional utilities are used for electronic signatures: CryptoPro Office Signature and CryptoARM. You can also fix the error “it is not possible to build a chain of certificates for a trusted root center” by simply reinstalling CryptoPro. Try this if other tips don't help.

Is the error still appearing? Send a request to the support service, in which you need to post screenshots of your sequential actions and explain your situation in detail.

I encountered a small problem during the ordinary, everyday registration procedure on one of the government procurement trading platforms. Everything usually goes without problems, everyone is used to the keys and registrations, and most often the users themselves are able to do everything necessary according to the instructions. But then a glitch arose and I was asked to help figure it out.

We will talk specifically about the site zakupki.mos.ru, but the key is used not only on this site. It is universal and suitable for many trading platforms. And the error is not directly related to the site at all, but relates to the issue of using electronic digital signatures.

The company changed its name and needed to reissue all certificates. We have been working with certificates for a long time; they were issued by the same company where we first ordered them. It was supposed to work with the same sites. We did everything as usual, but we couldn’t register using the certificate. Various types of errors appeared. Specifically on the website zakupki.mos.ru the error was as follows:

An untrusted certificate was used. Signing failed: The certificate chain for the trusted root authority cannot be built. (0x800B010A)

The error is largely understandable, but it is not clear how to fix it, given that all the necessary certificates, including the root certification authority, have been installed. Let's go check them out. To do this, open the CryptoPro snap-in:

Let's go to the section: Certificates - current user - Personal - Registry - Certificates. We open our certificate and look at its properties. Specifically, we are interested in the section Certification Path. Unfortunately, I don’t have any screenshots left before solving the problem, so I’ll have to describe in words what’s going on there. Then I’ll show you how everything should look in order for it to work properly.

The chain of certificates looked like this: CA 1 IS GUTS - JSC "EETP" - User Certificate. At the same time, the root certificate CA 1 IS GUTS showed an error message:

The provider of this certificate cannot be found

And there is another error in its properties:

There is not enough information to verify this certificate

At the same time, the CA 1 IS GUTS certificate was on the computer in the list of trusted root certification authorities. You can check this through the same CryptoPro snap-in in the next branch: Trusted Root Certification Authorities - Registry - Certificates. I was sure that CA 1 IS GUTS is the root certification authority of the very first level and could not understand who else should confirm its trust. At the same time, in the previous certificate, JSC EETP was the root certificate, and no one else. And everything worked fine.

I spent some time searching the Internet about this topic. There is a lot of information, but mostly these are all sorts of installation errors, etc. They suggest rearranging certificates, reinstalling CryptoPro and everything like that. But I didn't have any errors. As a result, I got to the page http://pravo.gov.ru/uc/resourses_uc.html, installed the root certificate of PAK "Head Certification Authority" from there, and everything fell into place. It turns out that it is the first in the chain of certificates that I used. For everything to work as expected, you must have the following certificates in your trusted list.

And this is what the full certification path for a user certificate looks like.

Originally I did not have the very first one, the Head Certification Authority, there, and I didn't know there should be one. When I installed it, everything became normal. Perhaps people installed something wrong from the installation disk, or screwed things up along the way. I figured it out remotely and didn’t see what software came with the key. In fact, the problem is popular; there are many reviews and advice on the Internet. I hope this information will help someone save time.
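
The manual check of the certification path described above can also be scripted. The following PowerShell sketch is an added example, not part of the original article or of CryptoPro: it builds the chain for a certificate in the current user's Personal store with the standard .NET X509Chain class and reports where the chain stops, which is the situation in the story above where the issuer of CA 1 IS GUTS was missing. It assumes the certificate is in CurrentUser\My and that you pass its thumbprint; the parameter name is chosen for illustration.

```powershell
# Added example, not from the original article.
# Assumption: the signing certificate is in CurrentUser\My (the "Personal" store).
param(
    [Parameter(Mandatory)] [string] $Thumbprint   # thumbprint of your own certificate
)
$tp   = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $tp }
if (-not $cert) { throw "No certificate with thumbprint $tp in CurrentUser\My" }

# Build the chain and ask for a revocation check on every link.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'        # string is converted to the enum
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
$ok = $chain.Build($cert)

# List each element from the user certificate upwards with its own status.
$level = 0
foreach ($el in $chain.ChainElements) {
    $st = ($el.ChainElementStatus | ForEach-Object { $_.Status.ToString() }) -join ', '
    if (-not $st) { $st = 'NoError' }
    [pscustomobject]@{
        Level   = $level++
        Subject = $el.Certificate.Subject
        Issuer  = $el.Certificate.Issuer
        Status  = $st
    }
}

# Explain the most common failures in terms of what has to be installed.
$flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
$last  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($ok) {
    "Chain is complete and trusted."
} elseif ($last.Subject -ne $last.Issuer) {
    # The topmost certificate found is not self-signed: its issuer is missing.
    "Chain stops at '$($last.Subject)'. Install the certificate of its issuer: $($last.Issuer)"
} elseif ($flags -contains 'UntrustedRoot') {
    "Root '$($last.Subject)' is not in Trusted Root Certification Authorities."
}
if (($flags -contains 'RevocationStatusUnknown') -or ($flags -contains 'OfflineRevocation')) {
    "Revocation status could not be determined: the CA's CRL or OCSP service was not reachable."
}
"Overall status: $($flags -join ', ')"
```

Only obtain a missing root or intermediate certificate from the CA's official publication point and compare its thumbprint with the one the CA publishes before adding it to a trusted store.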
