General
-
CheckCaExpire
-
CheckCardExpire
-
CheckEnroll
-
CheckSoftExpire
-
EnableWinlogon
-
EventList
-
ExplorerExtension
-
ExplorerMenu
-
ExtraService
-
StartMenu
-
TaskbarAccessMode
-
TaskbarIcon
-
TaskbarMenuMode
-
TaskbarMoveColor
-
UseService
The entries are only available for Windows platforms.
CheckCaExpire
Use this parameter to get a warning message when a CA has expired. Specify common name from the issuer field, use ;
to set multiple issuers. Default none, no warning message.
CheckCaExpire=Pointsharp CA v2;Pointsharp CA v3
CheckCardExpire
Use this parameter to get a warning message when a smart card is about to expire or has expired. Specify the number of days before the expiry that the message should be shown. It is also possible to specify a specific issuer name to only check certificates from a certain issuer and ignore all other certificates, separate with ,
. May also specify a list of number of days and issuer names, separate with ;
.
The card is about to expire when there is no certificate available with a validity that is longer than the specified number of days added to the current date.
Default value is 0; no warning message.
CheckCardExpire=30,CN=Pointsharp CA v2;
CheckCardExpire=30,CN=Pointsharp CA v2;20,CN=Inteom CA v3;
The warning message may be replaced with a custom action dialog, see Links Action for more information.
The certificate validity time must exceed twice the number specified to get a warning. This has been implemented to be able to handle the situation when the same CA is used to issue normal certificates and temporary certificates with short validity time. Temporary certificates will not get a warning message.
|
Use this parameter in combination with [DynamicStrings] to set a custom message with a direct URL link to a certificate update page. |
CheckEnroll
Use this parameter to get an event when a smart card without any or a specific certificate is inserted. The value may specify a token model name and token serial number followed by the CA which is wanted. All values may be empty, which means that any smart card without certificates will generate an enroll event. Token model name requires a complete string match and token number requires a start string match. May also specify a list of values, separate with ;
.
There is no warning message dialog, but it is possible to specify a custom action dialog, see Links Action for more information.
CheckEnroll=,,;
CheckEnroll=eID Smart Card,123456,CN=Pointsharp CA v3;
EnableWinlogon
Use this parameter to enable/disable register of supported smart cards in Registry.
Smart cards must be registered to handle CryptoAPI applications using smart card reader names when connecting towards the CSP. Typical applications are Microsoft smart card logon on all Windows platforms.
- 0
-
Smart cards are not registered
- 1
-
Smart cards are registered
Default value is 1; smart cards are registered.
EventList
Use this parameter to listen to custom events. The value is a list of event names separated with ;
and the action is specified in section Event <name>.
[General] EventList=TEST [Event TEST] 1=%InstallLocation%\iid.exe –test
The event is generated by calling the main loader component.
-
iid.exe –event TEST
There is also a special INTERNAL event, the name must still be specified in the list if used. The INTERNAL event will start the event by using the main loader.
-
iid.exe –event INTERNAL -about
This command will show the about box in the background service context.
ExplorerExtension
Use this parameter to specify which applications that enables/disables extending of some menu entries for Windows Explorer.
[General]
ExplorerExtension=explorer.exe
Default value is none; No applications will be configured.
ExplorerMenu
Use this parameter to enable/disable extending of some menu entries for Windows Explorer.
- 0
-
Explorer menu not available
- 1
-
Explorer menu available
Default value is 1; Explorer menu is available.
ExtraService
Use this parameter to configure a list of services that will be started/stopped by CertMover. Services in the list are separated by semicolon.
Default value is none; No services will be configured.
[General] ExtraService=SCS
StartMenu
Use this parameter to enable/disable installation of short cuts in the start menu.
- 0
-
Start menu entries are not available
- 1
-
Start menu entries are available
Default value is 1; start menu entries are available.
TaskbarAccessMode
Use this parameter to set access mode for the background service when moving certificates to CryptAPI store. The moving will be initiated by checking the smart card insert/remove event or via polling. The polling will occur each ten seconds, and the insert/remove event may be checked via PC/SC or PKCS#11.
-
0x01 – Check insert/remove event via PC/SC
-
0x02 – Check via polling
-
0x03 – Check insert/remove event via PKCS#11
There are also two different modes for reading certificates when a event is detected via mode above, either using PKCS#11 or CSP.
-
0x00 – Read certificate using CSP
-
0x10 – Read certificate using PKCS#11
Those two values are added for the complete access value.
0x01 + 0x00 = 0x01
0x03 + 0x10 = 0x13
Default value is 0x13.
TaskbarIcon
Use this parameter to show/hide the taskbar icon. The task bar icon will contain a menu with some short cuts for common tasks, see TaskbarMenuMode below for more information. The taskbar icon will also show progress when cards are inserted or removed.
- 0
-
Taskbar icon is hidden
- 1
-
Taskbar icon is visible
Default value is 1; task bar icon is visible.
TaskbarMenuMode
Use this parameter to limit the number of components that should be visible on the taskbar menu.
- 0x0001
-
Change PIN
- 0x0002
-
Unlock PIN
- 0x0004
-
Administration (if available)
- 0x0008
-
Crypt (if available)
- 0x0010
-
Trace
- 0x0040
-
Pause certificate service
- 0x0080
-
Refresh certificate service
- 0x0100
-
Exit
- 0x0200
-
Certificates
- 0x0400
-
View token
Combine the bitmasks with OR operation to select which components that should be visible. For example, to show all above:
TaskbarMenuMode=0x07DF
Default value is 0x07Df; all components are visible.
Entries for support and help in the [Links] configuration section will be added to the task bar menu if available. |
The [Links Custom] configuration section may be used to add additional entries to the task bar menu. |
UseService
Use this parameter to install the certificate service as a Windows service or a background process. The certificate service is the process which may show a taskbar icon with menu.
- 0
-
Install as a background process
- 1
-
Install as a Windows service
- -1
-
Do not install certificate service
Default value is 1; certificate service is installed as a Windows service.
It is not recommended to install as service any longer, since Windows Vista and later have increased the restrictions between the user environment and the system environment. |