Private key is no longer exportable from x509 certificate store on Windows #644

Open
1 of 5 tasks
sveinfolkeson opened this issue Oct 16, 2024 · 2 comments

@sveinfolkeson

Type of issue

  • Bug
  • Enhancement
  • Compliance
  • Question
  • Help wanted

Current Behavior

In earlier versions of the OPC Foundation framework the private keys were exportable, but now it is not possible to export them.
When I try to connect to a UA Server with a GDS certificate to X509 LocalComputer/UA Applications, generated by version 1.5.374.78, I get the error message:
10/16/2024 09:50:36.992 Trying to add certificate to cache with invalid private key.
10/16/2024 09:50:37.007 Trying to add certificate to cache with invalid private key.
10/16/2024 09:50:37.070 Unexpected error in '(null)'.
BadConfigurationError 'Cannot access certificate private key. Subject=CN=xxxx, DC=yy.yy.yy.yyy'

Expected Behavior

No response

Steps To Reproduce

No response

Environment

- OS: Win 11
- Environment:
- Runtime: .NET Framework 4.8
- Nuget Version: 1.5.374.78
- Component: UA GDS Client
- Server:
- Client:

Anything else?

No response

@mregen
Contributor

mregen commented Oct 18, 2024

Hi @sveinfolkeson, maybe it is also related to this issue: OPCFoundation/UA-.NETStandard#2765
Thanks for the report, we are investigating.

@mregen added the bug (Something isn't working) label Oct 18, 2024
@mregen self-assigned this Oct 18, 2024
@mregen added the GDS label Oct 18, 2024
@sveinfolkeson
Author

Hi.
Please let me know if there is any progress with this issue.
As it is now, the only way I can add a client certificate that works is to create the application certificate to a directory location and then install the pfx key to X509 from this directory location. When I try to install directly to X509 using the GDSClient software, I get the error 'Cannot access certificate private key' when I start up the client I have created the certificate for.
