CMGetCer.dll
============

Parameters 
----------	
/type 	(ProfileType)		0  Full Access Profile, 1  Cert Enroll/Bootstrap profile
/name 	(ProfileName)		%ServiceName% - Specify the profile name which is running the custom action (CertEnrollProfileName or FullAccessProfileName). Must exactly match the name specified in [Main]
/dir 	(Config_Path)		%ServiceDir% - directory where to find the configuration file
/f 	(Config_FileName)	configuration filename
/a 	(Action)		0  Check for certificate only. Doesnt do any other processing, but determines whether a certificate is present or not. Based on the type of profile (Full Access or Cert Enrollment) it then either exits or stays connected. See functional flow chart for appropriate behavior. 
				1  Proceed through custom action normally. Follows normal flow according to the configuration file. Any other value defaults to 1.

Usage:
	GetCertificate /type ProfileType /name ProfileName /dir Config_Path /f Config_FileName /a Action


In CMAK:
Description:
	Name your action

Program to run: (Browse for CMGetCer.dll - make sure it gets included in the service profile)
	CMGetCer.dll

Parameters:
	GetCertificate /type 0 /name %ServiceName% /dir %ServiceDir% /f configfile.txt /a 1

Action-Type:
	Select when you want this action to execute. 


Run this custom action for:
	Select when this should be run

Enable 'Include the custom action program with this service profile.' 
Enable 'Program interacts with the user'


As an example this is what a .cms file might look like if a profile is configured to run this custom action as a Pre-Tunnel and as a Connect action.

[Pre-Tunnel Actions]
0=profilename\cmgetcer.dll,GetCertificate /type 0 /name %ServiceName% /dir %ServiceDir% /f configfile.txt /a 1
0&Description=BootStrap - PreTunnel

[Connect Actions]
0=profilename\cmgetcer.dll,GetCertificate /type 0 /name %ServiceName% /dir %ServiceDir% /f configfile.txt /a 1
0&Description=BootStrap - PostConnect


Note:
Remember if only one profile is configured, it should be set as (/type 0) Full Access profile and CertEnrollProfileName value in the configuration file must be empty or not present.


=========================
Sample configuration file
=========================


[Main]
CertEnrollProfileName=EnrollProfileName
FullAccessProfileName=FullAccessName
EnableCertDetection=1
CertRequestMethod=0
RenewalPeriod=7
ShowUI=1


[UpdateConfigFile]
CheckForConfigFileUpdate=0
UpdateURL=http://websrv/update/configfile.txt
Version=3

[CertDetection]
CertDetectIssuer=0
CertDetectSubject=1
CertDetectUsage=0
CertDetectAltSubject=0
LogicalLocation=0
SystemStore=0
;SystemStore=1
CaseSensitiveDetect=0

[CertDetectIssuer]
CN=SrvRootCA


[CertDetectSubject]
S=CA

[CertDetectAltSubject]
domain.com


[CertDetectUsage]
1.3.6.1.5.5.7.3.2



[WebCertEnroll]
EnrollURL=http://websrv/certsrv
CertDetectPollTimeOut=10
CertDetectPollInterval=20
CertDetectSleep=5


[DirectCertEnroll]
CertServer=Websrv
CertServerCAName=SrvRootCA
GetMachineName=1
CAStore=0
Template=Machine
Usage=1.3.6.1.5.5.8.2.2
CN=Computers
DC=microsoft
DC=org
OU=IT
O=Template
L=City
S=WA
C=US


