To work in the NSD EDC system the user's computer must have the following certificates and keys installed:

NSD certificate (public key) to encrypt messages sent from the client to the repository;
Clients certificate with public and private keys, used for creating digital signature to messages sent from the client to the repository and for decrypting messages sent from the repository to the client;
Root certificate of the Moscow Stock Exchange (Certification Authority, hereinafter CA).

On this page:

Further information:

Creating profiles

Scheme 1 shows the general procedure of installing certificates and keys.

Repository Web-client > Production environment keys > Документ8_en.png

Scheme 1 – the general procedure of installing certificates

Obtaining a certificate

From the Moscow Exchange you obtain a certificate of registration document and a CD disk, comprising of:

software (MOEX EDS DSSK: Certificates storage, MOEX EDS DSSK: Java API);
certificate of registration with private key.

The key and the certificate of registration are not intended to provide security of the transmitted information. They will be added to the Certificates storage for the generation of the private and public key and creating of a request to issue a certificate for the Moscow Exchange. The key and the registration certificate are to be copied to the root folder on any external drive, such as a usb-stick.

Certificate of registration are used for:

generation of user's private and public key;
creation of a request to issue a public key certificate.

Depending where the certificate is stored (external hard drive or a computer), the order they are added to the Certificates storage and making a request will differ.

If the key and the certificate of registration are stored on the user's computer

Repository Web-client > Production environment keys > шаг 1_en.png

During the first start a window will open informing you that you need to insert an external drive. As the key and the certificate of registration are located on your computer, skip this step and click Cancel

Repository Web-client > Production environment keys > шаг 2_en.png

During the initial connection the user only has a certificate of registration, so skip this step by clicking Cancel

Repository Web-client > Production environment keys > rsa_en_1.png

Repository Web-client > Production environment keys > шаг 3_en.png

Next the storage will be automatically checked for the presence of a personal certificate.

During the first start a personal certificate and copies of storagies are not available. Skip step by clicking No

Repository Web-client > Production environment keys > rsa_en_2.png

Repository Web-client > Production environment keys > шаг 4_en.png

Then the screen will sequentially display windows for selecting the certificate of registration, where you need to click OK and Yes respectively

Repository Web-client > Production environment keys > шаг 5_en.png

The window for adding a certificate of registration will appear, where you need to select the certificate file and click Open. The registration key will be imported automatically (provided that it is next to a certificate, in the same folder)

Repository Web-client > Production environment keys > rsa_en_5.png

Repository Web-client > Production environment keys > шаг 6_en.png

Next, the screen displays information about adding certificates of registration

The certificate of registration will serve as a basis for creating a personal and local storage. The personal storage is confirmed with an electronic signature using the registration key.

The personal storage will display the certificate of Moscow Exchange, and the user’s registration certificate under Certificate of registration

Click OK to continue working in the storage

Repository Web-client > Production environment keys > rsa_en_6.png

Repository Web-client > Production environment keys > шаг 7_en.png

Next, you will need to generate your public and private key and a request for their confirmation by the Moscow Stock Exchange by clicking OK

If the registration certificate and keys are stored on the computer, the request and the private keys will be generated automatically

Repository Web-client > Production environment keys > rsa_en_7.png

	If the key and the certificate of registration are stored on an external drive
	Before you begin, insert an external drive in the usb-port on your computer, then run the Certificates storage. This opens a window where you will need to select device containing the key and certificate of registration and click OK
	As a result the key and the certificate of registration will be added automatically. The screen will display a message containing information about the added files, where you need to click OK
	The certificate of registration will serve as a basis for creating a personal and local storage (profile). The personal storage is confirmed with an electronic signature using the registration key. The personal storage will display the certificate of Moscow Exchange, and the user’s registration certificate in Certificates of registration section
	Next, a message will appear informing you that the personal storage is protected with the registration certificate. In this window you need to click OK to create private keys and make a request for their confirmation (see Generation of user keys and creating a request)

Public and private key are created simultaneously with the request to the Certification Authority to issue a certificate. Keys cannot be used to protect information transmitted until they are certified by the Certification Authority (the Moscow Exchange). Therefore, a request is made for their confirmation, which contains information about the generated public key (Fig. 2) and information about the user, automatically added from the certificate of registration. The Moscow Exchange (CA) responds with an email containing certificate signed by the CA root certificate.

If the certificate of registration are stored on the computer, after step 7 in the table above, Certificates storage will automatically generate user's private and public keys and a request to issue a public key certificate (Fig. 2).

If the certificate of registration are stored on an external drive, to generate keys and make a request select the Справочник сертификатов (Certificates storage in the menu) (Fig. 1.1) → Сформировать запрос на получение сертификата (Generate certificate request) (Fig. 1.2), or click an icon Repository Web-client > Software installation, RSA > справочник 1.png on the toolbar.

Fig. 1 – generation of a request

In the Certificate request dialog box, click OK (Figure 2). This will open the Export files for the Registration Centers, where you should select a folder to which the request will be saved and click the Save button (Fig. 3).

Fig. 2 – request parameters Fig. 3 – export files

The resulting request (a *.pse file) needs to be compressed and sent to pki@moex.com, with a scanned and signed registration certificate (document) attached. The subject field should specify the name of the organization and the required scope of the certificate (for example, the Oblachnye Investitsii CJSC – exchange market EDI, stock market EDI). The Moscow Exchange will respond with a letter with an attached ZIP-file of the certificate. This certificate must be added to the Certificates storage.

The resulting certificate is valid only for the generated public and private key that is stored on the user's computer. Therefore, a certificate from the Moscow Exchange must be added to the Certificates storage installed on the same computer, where the certificate issue request was generated!

Adding a certificate to the Certificates storage

To add a certificate to the Certificates storage:

run Certificates storage menu using the Start menu→All Programs→ ПКЗИ СЭД МБ (MOEX EDS DSSK)→Справочник сертификатов (Certificates storage);
select Справочник сертификатов (Certificates storage)→Импортировать сертификат в локальный справочник (Import Certificate) to the local storage (see Figure 4). This will open a window to select the certificate file (Fig. 5);

Fig. 4 – starting to import file Fig. 5 – selecting a certificate
select the certificate file (see Fig. 5.1 ) and click OK (see Fig. 5.2 ). Before adding a window will open displaying the certificate to be added, in which you should click OK (Fig. 6).

Fig. 6 – information about the certificate to be added

This will open a window informing the certificate was successfully added to the Certificates storage, where you need to click OK (Fig. 7). Example of adding a certificate is presented in Fig. 8.

Repository Web-client > Production environment keys > rsa_en_17.png
Fig. 7 – informative message Fig. 8 – example of adding a certificate

Then the certificate must be set as default. To do this, select the added certificate, right-click on the shortcut menu, and select Сделать сертификат рабочим (Make certificate workable) (Fig. 9).

Repository Web-client > Production environment keys > rsa_en_18.png

Fig. 9 – selecting the working certificate

After adding a personal certificate to the Certificates storage, the personal storage is signed on the member’s personal certificate. The generation of a digital signature for sent messages is ensured by the private key.

Settings will be automatically applied to 64-bit Certificates storage.

The information for further preparation of the computer and the configuration of the installed components is presented in the following articles: