How to create a CEP for Authentication using OpenID Connect 1.0?

A

Aleksandr Yurchenko2021-11-30 16:15:42

PHP

Aleksandr Yurchenko, 2021-11-30 16:15:42

Good afternoon.

I'm trying to implement ESIA integration through OpenID Connect, I'm reading " Guidelines for using the Unified ... (Version 2.87)". Section 3 AUTHENTICATION OF USERS THROUGH
ESIA", subsection "Authentication using OpenID Connect 1.0".

Step 1-2 (IP registration) - completed, stuck at point 3 (Improve the system), I quote 1 subparagraph:

Выпустить ключевой контейнер и сертификат ключа квалифицированной электронной
подписи для подключаемой ИС (должен содержать ОГРН ЮЛ, являющегося оператором
ИС). 

Сертификат требуется для идентификации ИС при взаимодействии с ЕСИА. ЕСИА
использует сертификаты в формате X.509 и взаимодействует с алгоритмами
формирования электронной подписи ГОСТ Р 34.10-2012 и
криптографического
хэширования ГОСТ Р 34.11-2012.

How can I issue a QES (qualified electronic
signature) in order to indicate it in the application in the future.

There was no experience of integration with the ESIA, and the study was very long, which is not a regulation / manual - necessarily 50-200 pages. Maybe someone has already been involved in integration and can explain on the fingers, I will be very grateful.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Anton, 2021-11-30
@karminski

It is understood that you must contact any CA (certifying authority) in your region in order to purchase CEP for money.

E

Eugene, 2021-12-01
@udjin123

It is not entirely clear what CEP is required from a certified CA or a test one, a test one can be generated here testgost2012.cryptopro.ru/certsrv I know that it is used to test interaction with the same tax authority, otherwise there is no option to only receive money from the CA