The SetReg utility sets the value of the registry keys controlling the behavior of the Microsoft® Authenticode certificate verification process. These keys are called the Software Publishing State Keys. After completing the requested action, the utility displays the current state of the Software Publishing State Keys. For the latest documentation on setreg, see the CryptoAPI Tools section of the MSDN Library.
SetReg [options] [Choice # <TRUE | FALSE>]
For more information on application security, see the Platform SDK, Security section of the MSDN Library.
The options can be one of the following values.
Option | Internet Explorer Version | Description |
-q | 3.02 and later | Suppress the display of the Software Publishing State Key values after SetReg has completed the requested action. The values are displayed by default. |
-h | 3.02 only | List command syntax and options. |
-? | 4.0 and later | List command syntax and options. |
Choice # must be one of the following values. All the listed values are valid for Internet Explorer 3.02 and later, except 9 and 10, which are for Internet Explorer 4.0 or later only.
Choice | Description | Result |
1 | Trust the Test Root |
If TRUE, trusts a test root. This is equivalent to running "regedit wvtston.reg" in Internet Explorer 3.x. The default is FALSE. Any file signed with a test root will not verify unless this flag is set to TRUE. |
2 | Use expiration date on certificates | If TRUE, checks the certificate expiration date. To ignore expiration dates, set this flag to FALSE. The default is TRUE. |
3 | Check the revocation list | If TRUE, performs the revocation check. To bypass revocation check, set this flag to FALSE. The default is FALSE in Internet Explorer 3.x and TRUE in Internet Explorer 4.0 or later. |
4 | Offline revocation server OK (Individual) |
If TRUE, allows offline approval for individual certificates. The default is FALSE. |
5 | Offline revocation server K (Commercial) |
If TRUE, allows offline approval for commercial certificates. The default is FALSE. |
6 | Java offline revocation server OK (Individual) | If TRUE, allows offline approval for individual certificates and does not display the user interface for bad certificates. The default is FALSE. |
7 | Java offline revocation server OK (Commercial) | If TRUE, allows offline approval for commercial certificates and does not display the user interface for bad certificates. The default is FALSE |
8 | Invalidate version 1 signed objects | If TRUE, invalidates version 1 signed objects. The default is FALSE. |
9 | Check the revocation list of timestamp server | If TRUE, performs the revocation check on the timestamp server's certificate. The default is FALSE. For Internet Explorer 4.0 or later only. |
10 | Only trust items found in the Trust database | If TRUE, allows downloads from publishers that are contained in the Personal Trust Database. The default is FALSE. For Internet Explorer 4.0 or later only. |
The following command lists the syntax and options for using SetReg:
setreg -?
The following command makes a test root trusted. By default, a test root is not trusted. After any changes in the key values are made, a list of the current value of all the key values is displayed. If the -q option is used, the key values are not displayed:
setreg 1 TRUE
The following command makes a test root untrusted and causes all verification to check for revocation. The -q option is used so that the list of key values is not displayed:
setreg -g 1 FALSE 3 TRUE
Note Commands, options, and arguments are not case-sensitive.