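/// <summary>
/// Verifies that <paramref name="certificate"/> carries a private key this process can use,
/// and rejects it otherwise.
/// </summary>
/// <param name="certificate">The certificate to validate. Must not be null.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="certificate"/> is null.
/// </exception>
/// <exception cref="ArgumentException">
/// The certificate has no private key, or probing the key raised a
/// <see cref="SecurityException"/> or <see cref="CryptographicException"/>
/// (the original exception is preserved as the inner exception).
/// </exception>
/// <remarks>
/// The check fails closed: any outcome other than a positive "key is present and readable"
/// result ends in an exception. The certificate subject name is embedded in the error text,
/// so the message identifies which certificate was rejected.
/// </remarks>
static void ValidatePrivateKey(X509Certificate2 certificate)
{
    // Reject null up front. Previously only the legacy branch tested for null, and even
    // there a null certificate fell through to certificate.SubjectName below, so every
    // path ended in a NullReferenceException instead of an argument error.
    if (certificate == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("certificate"));
    }

    bool hasPrivateKey = false;
    try
    {
        if (System.ServiceModel.LocalAppContextSwitches.DisableCngCertificates)
        {
            // Compatibility path selected by the DisableCngCertificates switch:
            // the key counts as present only if the PrivateKey property yields an object.
            hasPrivateKey = certificate.PrivateKey != null;
        }
        else
        {
            // Default path: the certificate must report a key AND the helper must confirm
            // it is readable. NOTE(review): CanReadPrivateKey is defined elsewhere;
            // presumably it attempts to open the key - confirm against SecurityUtils.
            hasPrivateKey = certificate.HasPrivateKey && SecurityUtils.CanReadPrivateKey(certificate);
        }
    }
    catch (SecurityException e)
    {
        // The caller lacks permission to touch the key: surface it as an unusable certificate.
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.SslCertMayNotDoKeyExchange, certificate.SubjectName.Name), e));
    }
    catch (CryptographicException e)
    {
        // The key could not be opened by the crypto layer: same outcome, same message.
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.SslCertMayNotDoKeyExchange, certificate.SubjectName.Name), e));
    }

    if (!hasPrivateKey)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.SslCertMustHavePrivateKey, certificate.SubjectName.Name)));
    }
}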