N
N
NoobStar2021-08-27 21:51:23
1C
NoobStar, 2021-08-27 21:51:23

What needs to be deployed for EDS 1C workflow?

There is a task to make friends 1s (document flow) (thin client) with EDS in a domain environment.
Connection occurs through thin clients via rdp to the terminal server where 1s is launched.
-------------------------------------------------- ------------------------------------------------------
Am I correct I understand that there are two options for storing certificates for this task:
1) User certificates are stored locally on their wheelbarrows in personal certificates, in 1s I manually import each user's certificate.
2) User certificates are stored on the 1c server
***3) Is it possible that 1C will check the private key from the token that is forwarded through the thin client via rdp or the certificates must be stored on the server or on the local PC?
-------------------------------------------------- -------------------------------------------------- ----------------------------------------
Do I understand correctly that the server with 1s do I need to install cryptopro (server) / vipnet (free) to organize the storage / verification of user certificates on the server?
-------------------------------------------------- -------------------------------------------------- -----------------------------------------
Here they write that the service "Server Agent 1s" needs to be run under a specific user. From the same user, crypto protection will be installed on the server. I do not quite understand how to store / import user certificates in such cases.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
VitalyChaikin, 2021-08-29
@VitalyChaikin

We use 1 option; A crypto-pro is installed on the user's local computer; Then the certificate is added to 1C Document Management (we have 1.4) and this can be done by the user himself (you just need to know where it is in the menu) The token is inserted into the user's local computer.
I have no experience with the second option. It is necessary to try, perhaps the only difference is that all certificates are added from the server (that's all)
According to the third option, rdp to the server, and the token is inserted into the server? (Did I understand correctly? Well, it will work;) In general, the idea is this: at the time of signing, the user session must gain access to the token;
About the service "Server Agent 1c" - always runs under a separate user with administrator rights; This is done so that there are no problems (at the level of access rights) to services (crypto-provider CSP), to the disk, etc.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question