While creating a client for a web service, I came across the following.
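The web service uses HTTPS with a client certificate, which I imported into the certificate store:
// Load the certificate and its private key from the PFX data
var cert = new X509Certificate2(certificate, password);
var store = new X509Store(storeName, storeLocation);
// Open the store for writing and add the certificate
store.Open(OpenFlags.ReadWrite);
store.Add(cert);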
While this worked on my local machine, it did not work on the workstations the client actually runs on. The default response to any request sent from these clients was: ‘Could not create SSL/TLS secure channel.’
At first I thought it had something to do with user rights. Nope, importing the certificate by hand with the same user as the client process did work. After some trial and error, I discovered that Windows 8.1 apparently stores the private key by default, and Windows XP POSReady and Windows 7 POSReady do not.
By adding the appropriate X509KeyStorageFlags (PersistKeySet and DefaultKeySet), Windows POSReady also stores the private key:
var cert = new X509Certificate2(certificate, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.DefaultKeySet);
Now the certificate is imported correctly and there is no more ‘Could not create SSL/TLS secure channel.’
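A way to confirm on a workstation that the private key really was persisted, as an added example that is not code from the original post: the import uses the flags shown above, and a separate check run in a fresh process opens the stored key instead of waiting for the TLS handshake to fail. The class name, the install/verify arguments and the choice of StoreName.My with StoreLocation.CurrentUser are assumptions for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    public enum KeyState { CertificateMissing, NoKeyAssociated, KeyUnusable, Ok }

    // Import with the flags from the post. DefaultKeySet has the value 0, so
    // PersistKeySet is the flag that changes behaviour. Exportable is not set.
    public static string Install(string pfxPath, string password, StoreName name, StoreLocation location)
    {
        var cert = new X509Certificate2(pfxPath, password,
            X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.DefaultKeySet);
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }
        return cert.Thumbprint;
    }

    // Run in a fresh process under the client's account, after the importer has exited.
    public static KeyState Check(string thumbprint, StoreName name, StoreLocation location)
    {
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0) return KeyState.CertificateMissing;
            if (!found[0].HasPrivateKey) return KeyState.NoKeyAssociated;
            // HasPrivateKey says a key is associated; reading PrivateKey opens the key itself.
            try { return found[0].PrivateKey != null ? KeyState.Ok : KeyState.KeyUnusable; }
            catch (CryptographicException) { return KeyState.KeyUnusable; }
        }
        finally { store.Close(); }
    }

    // Hypothetical usage: "install <pfx>" (password read from stdin) or "verify <thumbprint>".
    static int Main(string[] args)
    {
        if (args.Length != 2 || (args[0] != "install" && args[0] != "verify")) return 2;
        if (args[0] == "install")
        {
            Console.WriteLine(Install(args[1], Console.ReadLine(), StoreName.My, StoreLocation.CurrentUser));
            return 0;
        }
        var state = Check(args[1], StoreName.My, StoreLocation.CurrentUser);
        Console.WriteLine(state);
        return state == KeyState.Ok ? 0 : 1;
    }
}
```

Because PersistKeySet leaves the key container on disk, removing the certificate from the store later does not by itself remove the private key.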