x509certificate - Loading a server-side certificate *and* a private key from Windows Server cert store?


I'm trying to use an external REST webservice that requires both a server-side certificate and a private key (both of which I got from the publisher as *.pem files of that service).

For testing, I googled and found a way to combine these two pieces into a *.pfx file - and loading an X509Certificate2 instance from that binary file on disk works fine.

Now I'm trying to put this into the cert store on a production Windows Server 2008.

I can get the X509Certificate2 from the cert store in my C# code - no problem:

    using System.Security.Cryptography.X509Certificates;

    X509Store store = new X509Store(StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);

    // look up the certificate by its serial number (validOnly = false)
    X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySerialNumber, "serial-number-here", false);

    if (certs.Count > 0)
    {
        X509Certificate2 cert = certs[0];

        // set certificate on RestClient to call REST service
        _restClient.ClientCertificates.Add(cert);
    }

    store.Close();

But when I do this, the web service barfs at me, claiming it needs an "SSL certificate"...

Also: when I was loading the X509Certificate2 from disk, from that *.pfx file, I had to provide a password - nothing needs to be provided here, when loading from the cert store.... odd....

It seems that even though I imported the *.pfx which contains both the server-side certificate and our private key, somehow I cannot get both back from the cert store...

Any idea how I can get this to work? Do I need to load the private key from the cert store in a second step? How?

These certificates still remain a big voodoo-like mystery to me ..... can anyone enlighten me?

The first thing to check is to see whether the certificate store does have the private key.

  1. Open the Certificate Management snap-in, find the certificate, double-click it, and make sure it has the red highlighted section in the image below: [image]

Next, if the private key is in the store, then maybe the account accessing the certificate does not have permissions on the private key. There are two ways to check this:

  1. In the Certificate Management snap-in, right-click the certificate > Tasks > Manage Private Keys. (You should be able to check and edit permissions here.)
  2. In code, access the PrivateKey property (i.e. do var privateKey = cert.PrivateKey and see whether you get it back).
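
The second check from the answer, written out as a small console program (an added example, not code from the original post). It assumes .NET Framework on Windows, reuses the question's `serial-number-here` placeholder, and also looks in the LocalMachine store, which the question's code does not; run it under the same account the application runs as.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertKeyCheck
{
    // Reports, for one store location, whether the certificate is present, whether
    // a private key is associated with it, and whether this account can open it.
    static void Check(StoreLocation location, string serialNumber)
    {
        var store = new X509Store(StoreName.My, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection certs = store.Certificates.Find(
                X509FindType.FindBySerialNumber, serialNumber, false);
            if (certs.Count == 0)
                Console.WriteLine("{0}: certificate not found", location);
            foreach (X509Certificate2 cert in certs)
            {
                Console.WriteLine("{0}: {1}", location, cert.Subject);
                if (!cert.HasPrivateKey)
                {
                    Console.WriteLine("  no private key is associated with this certificate");
                    continue;
                }
                try
                {
                    // Opening the key fails if this account has no read permission on it.
                    AsymmetricAlgorithm key = cert.PrivateKey;
                    Console.WriteLine("  private key readable: {0}", key != null);
                }
                catch (CryptographicException ex)
                {
                    Console.WriteLine("  private key present but not accessible: {0}", ex.Message);
                }
            }
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        const string serial = "serial-number-here"; // placeholder taken from the question
        Check(StoreLocation.CurrentUser, serial);
        Check(StoreLocation.LocalMachine, serial);
    }
}
```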
