diff --git a/app/controllers/repp/v1/certificates_controller.rb b/app/controllers/repp/v1/certificates_controller.rb
index f814941ef..1403feb06 100644
--- a/app/controllers/repp/v1/certificates_controller.rb
+++ b/app/controllers/repp/v1/certificates_controller.rb
@@ -36,7 +36,14 @@ module Repp
 desc "Download a specific api user's specific certificate"
 param :type, String, required: true, desc: 'Type of certificate (csr or crt)'
 def download
- extension = params[:type] == 'p12' ? 'p12' : 'pem'
+ extension = case params[:type]
+ when 'p12' then 'p12'
+ when 'private_key' then 'key'
+ when 'csr' then 'csr'
+ when 'crt' then 'crt'
+ else 'pem'
+ end
+
 filename = "#{@api_user.username}_#{Time.zone.today.strftime('%y%m%d')}_portal.#{extension}"
 data = if params[:type] == 'p12' && @certificate.p12.present?
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index 22a865cc7..ec30f6aec 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -52,6 +52,25 @@ class Certificate < ApplicationRecord
 @p_csr ||= OpenSSL::X509::Request.new(csr) if csr
 end
+ def parsed_private_key
+ return nil if private_key.blank?
+
+ OpenSSL::PKey::RSA.new(private_key)
+ rescue OpenSSL::PKey::RSAError => e
+ Rails.logger.error("Failed to parse private key: #{e.message}")
+ nil
+ end
+
+ def parsed_p12
+ return nil if p12.blank?
+
+ decoded_p12 = Base64.decode64(p12)
+ OpenSSL::PKCS12.new(decoded_p12, Certificates::CertificateGenerator::P12_PASSWORD)
+ rescue OpenSSL::PKCS12::PKCS12Error => e
+ Rails.logger.error("Failed to parse PKCS12: #{e.message}")
+ nil
+ end
+
 def revoked?
 status == REVOKED
 end
diff --git a/app/services/certificates/certificate_generator.rb b/app/services/certificates/certificate_generator.rb
index a7e6c954e..bfea04977 100644
--- a/app/services/certificates/certificate_generator.rb
+++ b/app/services/certificates/certificate_generator.rb
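Review bot: The `else 'pem'` arm of the new `case` in `download` still accepts any unrecognised `params[:type]` and produces a filename for it, so an unexpected value is served rather than rejected. Now that the endpoint explicitly names `private_key` as a downloadable type, an allowlist is the safer shape, for example `EXTENSIONS = { 'p12' => 'p12', 'private_key' => 'key', 'csr' => 'csr', 'crt' => 'crt' }.freeze`, with an error response when `EXTENSIONS.key?(params[:type])` is false; if existing callers depend on the `pem` fallback, keep it but document it. The `param :type` description above still reads 'Type of certificate (csr or crt)' and should list every accepted value. The `data = if ...` selection continues outside the hunk, so whether private-key downloads are restricted or audited cannot be confirmed from here.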
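Review bot: `parsed_p12` opens every stored bundle with the single constant `Certificates::CertificateGenerator::P12_PASSWORD`, and the `create_user_p12` hunk in certificate_generator.rb makes that same constant the default export password in place of the literal '123456'. The constant's definition is not part of this diff; if it is still a literal in source, the PKCS#12 encryption offers no protection once the repository or a bundle is exposed, so the value should come from the application's secret store or be generated per certificate. Separately, `Base64.decode64` silently skips malformed input; `decoded_p12 = Base64.strict_decode64(p12)` together with `rescue OpenSSL::PKCS12::PKCS12Error, ArgumentError => e` would report a corrupt record instead of handing garbage to OpenSSL.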
@@ -124,7 +124,7 @@ module Certificates
 cert
 end
- def create_user_p12(key, cert, password = '123456')
+ def create_user_p12(key, cert, password = P12_PASSWORD)
 ca_cert = OpenSSL::X509::Certificate.new(File.read(ca_cert_path))
 p12 = OpenSSL::PKCS12.create(
diff --git a/lib/serializers/repp/certificate.rb b/lib/serializers/repp/certificate.rb
index 20ade8c8d..4b40b9e47 100644
--- a/lib/serializers/repp/certificate.rb
+++ b/lib/serializers/repp/certificate.rb
@@ -9,8 +9,7 @@ module Serializers
 def to_json(obj = certificate)
 json = obj.as_json.except('csr', 'crt', 'private_key', 'p12')
-
- # Безопасно извлекаем данные из сертификатов
+
 begin
 csr = obj.parsed_csr
 rescue StandardError => e
@@ -46,7 +45,6 @@ module Serializers
 json[:csr] = csr_data(csr) if csr
 json[:crt] = crt_data(crt) if crt
- # Если в тестовой среде данные не удалось извлечь, добавляем заглушки
 if (Rails.env.test? || ENV['SKIP_CERTIFICATE_VALIDATIONS'] == 'true')
 if csr.nil? && obj.csr.present?
 json[:csr] = { version: 0, subject: obj.common_name || 'Test Subject', alg: 'sha256WithRSAEncryption' }