-setreg
CertUtil [Options] -setreg [{ca|restore|policy|exit|template|enroll|chain|PolicyServers}\[ProgId\]]RegistryValueName Value
Set registry value
ca: Use CA's registry key
restore: Use CA's restore registry key
policy: Use policy module's registry key
exit: Use first exit module's registry key
template: Use template registry key (use -user for user templates)
enroll: Use enrollment registry key (use -user for user context)
chain: Use chain configuration registry key
PolicyServers: Use Policy Servers registry key
ProgId: Use policy or exit module's ProgId (registry subkey name)
RegistryValueName: registry value name (use "Name*" to prefix match)
Value: new numeric, string or date registry value or filename. If a numeric value starts with "+" or "-", the bits specified in the new value are set or cleared in the existing registry value.
If a string value starts with "+" or "-", and the existing value is a REG_MULTI_SZ value, the string is added to or removed from the existing registry value. To force creation of a REG_MULTI_SZ value, add a "\n" to the end
of the string value.
If the value starts with "@", the rest of the value is the name of the file containing the hexadecimal text representation of a binary value. If it does not refer to a valid file, it is instead parsed as [Date][+|-][dd:hh] -- an optional date
plus or minus optional days and hours. If both are specified, use a plus sign (+) or minus sign (-) separator. Use "now+dd:hh" for a date relative to the current time.
Use "chain\ChainCacheResyncFiletime @now" to effectively flush cached CRLs.
[-f] [-user] [-GroupPolicy] [-config Machine\CAName]