• CheckCaExpire

  • CheckCardExpire

  • CheckEnroll

  • CheckSoftExpire

  • EnableWinlogon

  • EventList

  • ExplorerExtension

  • ExplorerMenu

  • ExtraService

  • StartMenu

  • TaskbarAccessMode

  • TaskbarIcon

  • TaskbarMenuMode

  • TaskbarMoveColor

  • UseService

The entries are only available for Windows platforms.


Use this parameter to get a warning message when a CA has expired. Specify common name from the issuer field, use ; to set multiple issuers. Default none, no warning message.

CheckCaExpire=SecMaker CA v2;SecMaker CA v3


Use this parameter to get a warning message when a smart card is about to expire or has expired. Specify the number of days before the expiry that the message should be shown. It is also possible to specify a specific issuer name to only check certificates from a certain issuer and ignore all other certificates, separate with ,. May also specify a list of number of days and issuer names, separate with ;.

The card is about to expire when there is no certificate available with a validity that is longer than the specified number of days added to the current date.

Default value is 0; no warning message.

CheckCardExpire=30,CN=SecMaker CA v2;
CheckCardExpire=30,CN=SecMaker CA v2;20,CN=Inteom CA v3;

The warning message may be replaced with a custom action dialog, see Links Action for more information.

The certificate validity time must exceed twice the number specified to get a warning. This has been implemented to be able to handle the situation when the same CA is used to issue normal certificates and temporary certificates with short validity time. Temporary certificates will not get a warning message.
Use this parameter in combination with [DynamicStrings] to set a custom message with a direct URL link to a certificate update page.


Use this parameter to get an event when a smart card without any or a specific certificate is inserted. The value may specify a token model name and token serial number followed by the CA which is wanted. All values may be empty, which means that any smart card without certificates will generate an enroll event. Token model name requires a complete string match and token number requires a start string match. May also specify a list of values, separate with ;.

There is no warning message dialog, but it is possible to specify a custom action dialog, see Links Action for more information.

CheckEnroll=eID Smart Card,123456,CN=SecMaker CA v3;


Identical to CheckCardExpire, but will check soft tokens instead of smart cards.


Use this parameter to enable/disable register of supported smart cards in Registry.

Smart cards must be registered to handle CryptoAPI applications using smart card reader names when connecting towards the CSP. Typical applications are Microsoft smart card logon on all Windows platforms.


Smart cards are not registered


Smart cards are registered

Default value is 1; smart cards are registered.


Use this parameter to listen to custom events. The value is a list of event names separated with ; and the action is specified in section Event <name>.

[Event TEST]
1=%InstallLocation%\iid.exe –test

The event is generated by calling the main loader component.

  • iid.exe –event TEST

There is also a special INTERNAL event, the name must still be specified in the list if used. The INTERNAL event will start the event by using the main loader.

  • iid.exe –event INTERNAL -about

This command will show the about box in the background service context.


Use this parameter to specify which applications that enables/disables extending of some menu entries for Windows Explorer.


Default value is none; No applications will be configured.


Use this parameter to enable/disable extending of some menu entries for Windows Explorer.


Explorer menu not available


Explorer menu available

Default value is 1; Explorer menu is available.


Use this parameter to configure a list of services that will be started/stopped by CertMover. Services in the list are separated by semicolon.
Default value is none; No services will be configured.



Use this parameter to enable/disable installation of short cuts in the start menu.


Start menu entries are not available


Start menu entries are available

Default value is 1; start menu entries are available.


Use this parameter to set access mode for the background service when moving certificates to CryptAPI store. The moving will be initiated by checking the smart card insert/remove event or via polling. The polling will occur each ten seconds, and the insert/remove event may be checked via PC/SC or PKCS#11.

  • 0x01 – Check insert/remove event via PC/SC

  • 0x02 – Check via polling

  • 0x03 – Check insert/remove event via PKCS#11

There are also two different modes for reading certificates when a event is detected via mode above, either using PKCS#11 or CSP.

  • 0x00 – Read certificate using CSP

  • 0x10 – Read certificate using PKCS#11

Those two values are added for the complete access value.

Example 1. Detect via PC/SC and read via CSP:
0x01 + 0x00 = 0x01
Example 2. Detect via PKCS#11 and read via PKCS#11:
0x03 + 0x10 = 0x13

Default value is 0x13.


Use this parameter to show/hide the taskbar icon. The task bar icon will contain a menu with some short cuts for common tasks, see TaskbarMenuMode below for more information. The taskbar icon will also show progress when cards are inserted or removed.


Taskbar icon is hidden


Taskbar icon is visible

Default value is 1; task bar icon is visible.


Use this parameter to limit the number of components that should be visible on the taskbar menu.


Change PIN


Unlock PIN


Administration (if available)


Crypt (if available)




Pause certificate service


Refresh certificate service






View token

Combine the bitmasks with OR operation to select which components that should be visible. For example, to show all above:


Default value is 0x07Df; all components are visible.

Entries for support and help in the [Links] configuration section will be added to the task bar menu if available.
The [Links Custom] configuration section may be used to add additional entries to the task bar menu.


Use this parameter to install the certificate service as a Windows service or a background process. The certificate service is the process which may show a taskbar icon with menu.


Install as a background process


Install as a Windows service


Do not install certificate service

Default value is 1; certificate service is installed as a Windows service.

It is not recommended to install as service any longer, since Windows Vista and later have increased the restrictions between the user environment and the system environment.