If your website uses the AppPoolIdentity and requires access to the private key of an x509Certficate, you’ll need to grant the read permissions to the iis application pool.
To grant permissions to the AppPoolIdentity:
- Run Certificates.MMC (or Start->run->mmc.exe, Add Certificate Snap-In for LocalMachine)
- Select the certificate (Personal node on the certificate tree) , right click and Manage Permissions.
- Add a new user to the permissions list.
- Enter “IIS AppPool\AppPoolName” on the local machine”. Replace “AppPoolName” with the name of your application pool.