To the two above: Use the FindPrivateKey utility located in the WCF samples to find the location of the private key, and then set the permissions accordingly.
I spent many hours today while having the same problem, and I came up with the following solution.
To install a self-signed certificate:
makecert.exe -sr LocalMachine -ss MY -a sha1 -n CN=%SERVER_NAME% -sky exchange -pe
certmgr.exe -add -r LocalMachine -s My -c -n %SERVER_NAME% -r LocalMachine -s TrustedPeople
To use the FindKeyUtility:
FindPrivateKey.exe TrustedPeople LocalMachine
Private key directory: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
Private key file name: 756e9ecb7bb8ed83bf80031497479997_8a4ee4f0-1f8d-4d2e-b1bf-fff1d5b15e61
And then, you can go to the specified folder and change the permissions...
Moreover, I needed to set this in the client's config file
and add this to the endpoint configuration
behaviorConfiguration="ClientCertificateBehavior"
Finally, pay attention to the
element, in the client.
The dns value must match the one in the certificate.
Good luck!!
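
The locate-the-key-file and set-permissions steps from the post above can be scripted; this is an added example, not part of the original posts. It assumes Windows PowerShell 5.1 in an elevated session and a CSP-backed key such as the one makecert.exe creates; the subject name and the account are placeholder assumptions, and only Read is granted to that one account.

```powershell
# Added example: grant one service account Read access to a certificate's
# private key file in the MachineKeys directory named in the post.
param(
    [string]$SubjectName = $env:COMPUTERNAME,               # assumption: the CN given to makecert
    [string]$StoreName   = 'TrustedPeople',                 # store queried with FindPrivateKey above
    [string]$Account     = 'NT AUTHORITY\NETWORK SERVICE'   # assumption: identity the service runs as
)

# Require exactly one matching certificate so the wrong key is never touched.
$certs = @(Get-ChildItem "Cert:\LocalMachine\$StoreName" |
    Where-Object { $_.Subject -eq "CN=$SubjectName" -and $_.HasPrivateKey })
if ($certs.Count -ne 1) {
    throw "Expected one certificate with a private key for CN=$SubjectName, found $($certs.Count)."
}

# For CSP keys the unique container name is the file name under MachineKeys.
$key = $certs[0].PrivateKey
if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
    throw 'Private key is not CSP-backed; this script only handles CSP keys.'
}
$fileName = $key.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath  = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$fileName"
if (-not (Test-Path -LiteralPath $keyPath)) {
    throw "Key file not found: $keyPath"
}

# Add a Read-only allow rule for the single account; existing rules are kept.
$acl  = Get-Acl -LiteralPath $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyPath -AclObject $acl

# Print the resulting ACL so the change can be reviewed.
(Get-Acl -LiteralPath $keyPath).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```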