This is most likely because the IIS user doesn't have access to the private key for your certificate. You can set this by following these steps...

这很可能是因为 IIS 用户无权访问您的证书的私钥。您可以按照以下步骤进行设置...

1. Start -> Run -> MMC
2. File -> Add/Remove Snapin
3. Add the Certificates Snap In
4. Select Computer Account, then hit next
5. Select Local Computer (the default), then click Finish
6. On the left panel from Console Root, navigate to Certificates (Local Computer) -> Personal -> Certificates
7. Your certificate will most likely be here.
8. Right click on your certificate -> All Tasks -> Manage Private Keys
9. Set your private key settings here.

1. 开始 -> 运行 -> MMC
2. 文件 -> 添加/删除管理单元
3. 添加证书管理单元
4. 选择计算机帐户，然后点击下一步
5. 选择本地计算机（默认），然后单击完成
6. 在 Console Root 的左侧面板上，导航到 Certificates (Local Computer) -> Personal -> Certificates
7. 您的证书很可能会在这里。
8. 右键单击您的证书 -> 所有任务 -> 管理私钥
9. 在此处设置您的私钥设置。

It will probably be a permissions problem on the certificate.

这可能是证书的权限问题。

When running a unit test you are going to be executing those under your own user context, which (depending on what store the clientcertificate is in) will have access to that certificate's private key.

运行单元测试时，您将在您自己的用户上下文中执行那些单元测试，这（取决于客户端证书所在的存储）将有权访问该证书的私钥。

However if your WCF service is hosted under IIS, or as a Windows Service it's likely it will be running under a service account (Network Service, Local Service or some other restricted account).

但是，如果您的 WCF 服务托管在 IIS 下，或者作为 Windows 服务，它很可能会在服务帐户（网络服务、本地服务或其他一些受限帐户）下运行。

You will need to set the appropriate permissions on the private key to allow that service account access to it. MSDN has the details

您需要为私钥设置适当的权限，以允许该服务帐户访问它。MSDN有详细信息

I've had identical issue last night. Permissions on private key were set correctly, everything was apparently fine except the Keyset doesn't exist error. In the end it turned out that certificate was imported to the current user store first and then moved to local machine store. However - that didn't move the private key, which was still in the

我昨晚遇到了同样的问题。私钥的权限设置正确，除了密钥集不存在错误外，一切显然都很好。最后证明是先将证书导入当前用户存储，然后再移动到本地机器存储。但是 - 这并没有移动私钥，它仍然在

C:\Documents and settngs\Administrator...

C:\Documents and settngs\Administrator...

instead of

代替

C:\Documents and settngs\All users...

C:\Documents and settngs\所有用户...

Altough permissions on the key were set correctly, ASPNET couldn't access it. When we re-imported certificate so that private key is placed in the All users branch, the problem disappeared.

尽管密钥的权限设置正确，但 ASPNET 无法访问它。当我们重新导入证书以便将私钥放在所有用户分支时，问题就消失了。

To solve the “Keyset does not exist” when browsing from IIS:It may be for the private permission

解决IIS浏览时“Keyset不存在”的问题：可能是私有权限

To view and give the permission:

查看并授予权限：

1. Run>mmc>yes
2. click on file
3. Click on Add/remove snap-in…
4. Double click on certificate
5. Computer Account
6. Next
7. Finish
8. Ok
9. Click on Certificates(Local Computer)
10. Click on Personal
11. Click Certificates

1. 运行>mmc>是
2. 点击文件
3. 单击添加/删除管理单元...
4. 双击证书
5. 电脑账号
6. 下一个
7. 结束
8. 好的
9. 单击证书（本地计算机）
10. 点击个人
11. 单击证书

To give the permission:

授予权限：

1. Right Click on the name of certificate
2. All Tasks>Manage Private Keys…
3. Add and give the privilege( adding IIS_IUSRS and giving it the privilege works for me )

1. 右键单击证书名称
2. 所有任务>管理私钥...
3. 添加并授予权限（添加 IIS_IUSRS 并授予它权限对我有用）

Had the same problem while trying to run WCF app from Visual Studio. Solved it by running Visual Studio as administrator.

尝试从 Visual Studio 运行 WCF 应用程序时遇到同样的问题。通过以管理员身份运行 Visual Studio 解决了这个问题。

I have faced this issue, my certificates where having private key but i was getting this error("Keyset does not exist")

我遇到了这个问题，我的证书有私钥，但我收到了这个错误（“密钥集不存在”）

Cause:Your web site is running under "Network services" account or having less privileges.

原因：您的网站在“网络服务”帐户下运行或权限较低。

Solution: Change Application pool identity to "Local System", reset IIS and check again. If it starts working it is permission/Less privilege issue, you can impersonate then using other accounts too.

解决方案：将应用程序池标识更改为“本地系统”，重置 IIS 并再次检查。如果它开始工作，则是权限/较少权限问题，您也可以模拟然后使用其他帐户。

Totally frustrating, I had the same issue and tried most of the above. The exported certificate correctly had permissions to read the file in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, however as it turns out it didn't have permission on the folder. Added it and it worked

完全令人沮丧，我遇到了同样的问题并尝试了上述大部分方法。导出的证书正确地有权读取 中的文件C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys，但事实证明它没有对该文件夹的权限。添加它并且它起作用了

I was getting the error : CryptographicException 'Keyset does not exist' when i run the MVC application.

我收到错误消息：运行 MVC 应用程序时出现 CryptographicException 'Keyset does not exist'。

Solution was : to give access to the personal certificates to the account that application pool is running under. In my case it was to add IIS_IUSRS and choosing the right location resolved this issue.

解决方案是：向运行应用程序池的帐户授予对个人证书的访问权限。就我而言，它是添加 IIS_IUSRS 并选择正确的位置解决了这个问题。

RC on the Certificate - > All tasks -> Manage Private Keys -> Add->  
For the From this location : Click on Locations and make sure to select the Server name. 
In the Enter the object names to select : IIS_IUSRS and click ok. 

I have exactly similar problem too. I have used the command

我也有完全类似的问题。我已经使用了命令

findprivatekey root localmachine -n "CN="CertName" 

the result shows that the private key is in c:\ProgramData folder instead of C:\Documents and settngs\All users..

结果显示私钥在 c:\ProgramData 文件夹中，而不是 C:\Documents 和 settngs\All users..

When I delete the key from c:\ProgramData folder, again run the findPrivatekey command does not succeed. ie. it does not find the key.

当我从 c:\ProgramData 文件夹中删除密钥时，再次运行 findPrivatekey 命令没有成功。IE。它没有找到钥匙。

But if i search the same key returned by earlier command, i can still find the key in

但是如果我搜索先前命令返回的相同密钥，我仍然可以在

C:\Documents and settngs\All users..

C:\Documents and settngs\All users..

So to my understanding, IIS or the hosted WCF is not finding the private key from C:\Documents and settngs\All users..

因此，据我所知，IIS 或托管的 WCF 没有从 C:\Documents 和 settngs\All users 中找到私钥。

The Answer from Steve Sheldon fixed the problem for me, however, as I am scripting certificate permissions with out a gui, I needed a scriptable solution. I struggled to find where my private key was stored . The private key was not in -C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, eventually I found that it was actually in C:\ProgramData\Microsoft\Crypto\Keys. Below I describe how I found that out:

Steve Sheldon 的回答为我解决了这个问题，但是，由于我正在编写没有 gui 的证书权限脚本，因此我需要一个可编写脚本的解决方案。我很难找到我的私钥的存储位置。私钥不在-C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys，最终我发现它实际上在C:\ProgramData\Microsoft\Crypto\Keys. 下面我将描述我是如何发现这一点的：

I tried FindPrivateKeybut it could not find the private key, and using powershell the $cert.privatekey.cspkeycontainerinfo.uniquekeycontainernamewas null/empty.

我试过了，FindPrivateKey但它找不到私钥，而使用 powershell 则为$cert.privatekey.cspkeycontainerinfo.uniquekeycontainername空/空。

Luckily, certutil -store mylisted the certificate and gave me the details I needed to script the solution.

幸运的是，certutil -store my列出了证书并给了我编写解决方案脚本所需的详细信息。

================ Certificate 1 ================ Serial Number: 162f1b54fe78c7c8fa9df09 Issuer: CN=*.internal.xxxxxxx.net NotBefore: 23/08/2019 14:04 NotAfter: 23/02/2020 14:24 Subject: CN=*.xxxxxxxnet Signature matches Public Key Root Certificate: Subject matches Issuer Cert Hash(sha1): xxxxa5f0e9f0ac8b7dd634xx Key Container = {407EC7EF-8701-42BF-993F-CDEF8328DD} Unique container name: 8787033f8ccb5836115b87acb_ca96c65a-4b42-a145-eee62128a ##* ^-- filename for private key*## Provider = Microsoft Software Key Storage Provider Private key is NOT plain text exportable Encryption test passed CertUtil: -store command completed successfully.

================ Certificate 1 ================ Serial Number: 162f1b54fe78c7c8fa9df09 Issuer: CN=*.internal.xxxxxxx.net NotBefore: 23/08/2019 14:04 NotAfter: 23/02/2020 14:24 Subject: CN=*.xxxxxxxnet Signature matches Public Key Root Certificate: Subject matches Issuer Cert Hash(sha1): xxxxa5f0e9f0ac8b7dd634xx Key Container = {407EC7EF-8701-42BF-993F-CDEF8328DD} Unique container name: 8787033f8ccb5836115b87acb_ca96c65a-4b42-a145-eee62128a ##* ^-- filename for private key*## Provider = Microsoft Software Key Storage Provider Private key is NOT plain text exportable Encryption test passed CertUtil: -store command completed successfully.

I then scanned c\ProgramData\Microsoft\Crypto\folder and found the file 8787033f8ccb5836115b87acb_ca96c65a-4b42-a145-eee62128ain C:\ProgramData\Microsoft\Crypto\Keys.

然后我扫描c\ProgramData\Microsoft\Crypto\文件夹并在C:\ProgramData\Microsoft\Crypto\Keys 中找到了文件8787033f8ccb5836115b87acb_ca96c65a-4b42-a145-eee62128a。

Giving my service account read access this file fixed the issues for me

授予我的服务帐户读取权限此文件为我解决了问题