CryptographicException 'Keyset does not exist', but only through WCF

Question

This is most likely because the IIS user doesn't have access to the private key for your certificate. You can set this by following these steps...

1. Start → Run → MMC
2. File → Add/Remove Snapin
3. Add the Certificates Snap In
4. Select Computer Account, then hit next
5. Select Local Computer (the default), then click Finish
6. On the left panel from Console Root, navigate to Certificates (Local Computer) → Personal → Certificates
7. Your certificate will most likely be here.
8. Right click on your certificate → All Tasks → Manage Private Keys
9. Set your private key settings here.

It will probably be a permissions problem on the certificate.

When running a unit test you are going to be executing those under your own user context, which (depending on what store the client certificate is in) will have access to that certificate's private key.

However if your WCF service is hosted under IIS, or as a Windows Service it's likely it will be running under a service account (Network Service, Local Service or some other restricted account).

You will need to set the appropriate permissions on the private key to allow that service account access to it. MSDN has the details

I've had identical issue last night. Permissions on private key were set correctly, everything was apparently fine except the Keyset doesn't exist error. In the end it turned out that certificate was imported to the current user store first and then moved to local machine store. However - that didn't move the private key, which was still in the

C:\Documents and settngs\Administrator...

instead of

C:\Documents and settngs\All users...

Altough permissions on the key were set correctly, ASPNET couldn't access it. When we re-imported certificate so that private key is placed in the All users branch, the problem disappeared.

To solve the “Keyset does not exist” when browsing from IIS: It may be for the private permission

To view and give the permission:

1. Run>mmc>yes
2. click on file
3. Click on Add/remove snap-in…
4. Double click on certificate
5. Computer Account
6. Next
7. Finish
8. Ok
9. Click on Certificates(Local Computer)
10. Click on Personal
11. Click Certificates

To give the permission:

1. Right Click on the name of certificate
2. All Tasks>Manage Private Keys…
3. Add and give the privilege( adding IIS_IUSRS and giving it the privilege works for me )

Had the same problem while trying to run WCF app from Visual Studio. Solved it by running Visual Studio as administrator.

I have faced this issue, my certificates where having private key but i was getting this error("Keyset does not exist")

Cause: Your web site is running under "Network services" account or having less privileges.

Solution: Change Application pool identity to "Local System", reset IIS and check again. If it starts working it is permission/Less privilege issue, you can impersonate then using other accounts too.