I'm trying to figure out if there is any way to have a .NET client use a client certificate without involving the Windows keystore in any way.

I have a code snippet like this:

test1.Service s = new test1.Service();
X509Certificate c = X509Certificate.CreateFromCertFile(@"C:\test.pem");
s.ClientCertificates.Add(c);
int result = s.TestMethod();

However, this only works if I also have the certificate referenced in "test.pem" installed in my certificate store. I assume this is because the key is necessary for the negotiation. If I don't have the cert/key in the store, the cert is not sent with the request.

What I want to do is be able to provide both the certificate and private key from a file or files and not involve the Windows certificate store in any way.

Is there any way to do this?

A: 

I'm going to post an answer to my own post, but will leave it open to see if others can solve it differently.

Basically, I'm punting. If you have a PKCS12 file (with both key and cert in it) you can use the X509Certificate2 class to load that file and use it, and it won't interrogate the keystore.

I could not find a way to do this with flat PEM key and cert files (like what you'd need with Python, for example).

Joe
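
The PKCS#12 approach from the answer, sketched as an added example that is not part of the original post. The path `C:\test.p12`, the `CLIENT_P12_PASSWORD` environment variable, the URL and the class name are assumptions; `HttpClientHandler` stands in for the generated `test1.Service` proxy, which accepts the same certificate object through `s.ClientCertificates.Add(cert)`.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class FileBackedClientCert
{
    // Loads the certificate and its private key from a PKCS#12 file.
    // Separate PEM cert/key files can be bundled into one first, e.g.:
    //   openssl pkcs12 -export -in cert.pem -inkey key.pem -out test.p12
    public static X509Certificate2 LoadPkcs12(string path, string password)
    {
        var cert = new X509Certificate2(path, password);

        // Without the private key the client cannot prove possession during
        // the TLS handshake, which is the symptom in the question: the
        // certificate is silently not sent. Fail loudly instead.
        if (!cert.HasPrivateKey)
        {
            cert.Dispose();
            throw new InvalidOperationException(
                "No private key in PKCS#12 file: " + path);
        }
        return cert;
    }

    public static async Task Main(string[] args)
    {
        // Assumed inputs: file path, password source and endpoint are placeholders.
        string p12Path = args.Length > 0 ? args[0] : @"C:\test.p12";
        string url = args.Length > 1 ? args[1] : "https://service.example.test/";
        string password =
            Environment.GetEnvironmentVariable("CLIENT_P12_PASSWORD") ?? "";

        using var cert = LoadPkcs12(p12Path, password);
        using var handler = new HttpClientHandler
        {
            // Offer only the certificate added below; no automatic selection.
            ClientCertificateOptions = ClientCertificateOption.Manual
        };
        handler.ClientCertificates.Add(cert);

        using var client = new HttpClient(handler);
        using HttpResponseMessage resp = await client.GetAsync(url);
        Console.WriteLine("HTTP " + (int)resp.StatusCode);
    }
}
```

Reading the password from the environment keeps it out of source control; the PKCS#12 file itself should be readable only by the account that runs the client.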