public static void AddPrivateKeyReadPermission(this X509Certificate2 cert, IdentityReference account) { string location = NativeMethods.GetKeyLocation(cert); if (location == null) { throw new CertificateNotFoundException("The certificate private key was not found. Manually add permissions for the service account to read this private key"); } FileInfo info = new FileInfo(location); info.AddFileSecurity(account, FileSystemRights.Read, AccessControlType.Allow); }