CryptographicException 'Keyset does not exist', but only through WCF

This is most likely because the IIS user doesn't have access to the private key for your certificate. You can set this by following these steps...

  1. Start → Run → MMC
  2. File → Add/Remove Snapin
  3. Add the Certificates Snap In
  4. Select Computer Account, then hit next
  5. Select Local Computer (the default), then click Finish
  6. On the left panel from Console Root, navigate to Certificates (Local Computer) → Personal → Certificates
  7. Your certificate will most likely be here.
  8. Right click on your certificate → All Tasks → Manage Private Keys
  9. Set your private key settings here.

It will probably be a permissions problem on the certificate.

When running a unit test you are going to be executing those under your own user context, which (depending on what store the client certificate is in) will have access to that certificate's private key.

However if your WCF service is hosted under IIS, or as a Windows Service it's likely it will be running under a service account (Network Service, Local Service or some other restricted account).

You will need to set the appropriate permissions on the private key to allow that service account access to it. MSDN has the details

Tags:

.Net

Wcf

X509